Changing TLS protocols

To change the TLS protocol version, use the following CLI command in CONFIG mode:

httpd protocol protocol-list

You can configure the following TLS versions:

•TLSv1

•TLSv1.1

•TLSv1.2.

Enter the versions as a comma-separated list. Ivanti recommends allowing HTTPS traffic on port 8443 from the corporate network, limited to Ivanti applications only. This service is intended for Ivanti Standalone Sentry System Manager and must have strictly controlled access. The updates will be applied to port 8443 and 9090 only. By default, TLSv1 is disabled and TLSv1.1 and TLSv1.2 are enabled on ports 8443 and 9090.

Example:

sentry/config# httpd protocol tlsv1.1,tlsv1.2

Changes will issue restart of httpd service and Sentry system service might be distrupted.

Would you like to proceed? [y/n]: y

sentry/config# do show httpd protocol

+--------+---------------------------

Port + TLS Protocols Enabled

+--------+---------------------------

8443 TLSv1.1,TLSv1.2

9090 TLSv1.1,TLSv1.2

sentry/config#