Retaining TLS 1.0 or 1.1 as an Acceptable Protocol

After you complete a new installation or upgrade of Sentinel LDK-EMS, the file server.xml includes only TLS version 1.2 as the acceptable cryptographic protocol. This version of TLS is more secure than earlier versions.

If, for any reason, you want to include TLS version 1.0 or 1.1 as an acceptable protocol, you must modify server.xml manually as described below.

NOTE   The TLS 1.0 and 1.1 cryptographic protocols have known vulnerabilities. Thales highly recommends that you not add TLS 1.0 or 1.1 as an acceptable protocol.

To retain TLS 1.0 or TLS 1.1 as acceptable protocols in server.xml:

1.On the machine where Sentinel LDK-EMS is installed, open the following file in a text editor:

%ProgramFiles(x86)%\Thales\Sentinel EMS\EMSServer\conf\server.xml

2.Locate the following string in the Connector tag:

sslEnabledProtocols ="TLSv1.2"

3.Add TLSv1 or TLSv1.1 (or both) to the string. For example:

sslEnabledProtocols ="TLSv1+TLSv1.1+TLSv1.2"

4.Save the file.

5.In the Services window, stop and then restart Sentinel LDK-EMS Service.