Data Protection Advisor (DPA): How to configure DPA to only use TLS 1.2


   Article Number:     529063                                   Article Version: 3     Article Type:    How To 




Data Protection Advisor,Data Protection Advisor 18.1,Data Protection Advisor 18.2,Data Protection Advisor 6.5





The DPA Application Server contains a Web Server which is listening on port 9002. This Web Server is what provides the GUI for DPA.  Additional Web Server uses Transport Layer Security (TLS) as part of the security protocol for all the connections made to it.  Thus configuration of the TLS version used is done on the Web Server which is the DPA Application Server in this case..   
    By default, the DPA Web Server is configured to be able to use protocols TLS 1.0, TLS 1.1, TLS 1.2 to allow for backwards compatibility for older systems.   
    For security reasons there may be a requirement to disable previous TLS versions use within DPA. The following commands can be used to will change the DPA Application Server's configuration to “only use TLS 1.2” and prevent the use of TLS 1.0 and TLS 1.1   
    On the Application Server, using an account with Administrator privileges (Windows) or as root, (Linux) run the following command from  <Install directory>\services\bin:   
    1. Stop the DPA Application server:   
    dpa app stop   
    2. Run the following command to set the TLS protocol version to only use version 1.2:   
    dpa app tls 1.2   
    3. Start the DPA Application server:   
    dpa app start