Possible to disable TLS 1.1 in Watchguard System Manager?

We're running WSM 12.8.2, and I've disabled TLS 1.0 with the check boxes in Watchguard Server Center, but I don't see a way to disable TLS 1.1

We're getting dinged on security scans because TLS 1.1 is still listening on ports 4115, 4119, 4121, 4130, etc.

I see in the documentation that only TLS 1.2 is used for communication since v11.10. Is there any way to disable TLS 1.1?

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Brad
    We're currently working on an option to disable TLS1.1 for the WatchGuard System Center server (WSC). That enhancement is FBX-23887.

    In the interim, you can navigate to C:\programdata\watchguard\wmserver\conf\httpd.conf and remove the +TLS1.1 item from the SSLProtocol line. You'll need to restart the server center processes for this to read the new config.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.