Turn off TSL 1.2

for PCI compliance i have been asked to turn off - i did turn off and was unable to login to bigfix and had to restore the VM. has anyone run into these issues when they had to turn off. I have Bigfix version 10.0.1.41

TLS 1.0 & 1.2
RC4 cipher
SSL3

You sure the intent wasn’t to turn off the 1.0 and 1.1, leaving only tls 1.2 enabled?

I echo Jason’s comment. 1.2 should be on.

From BES, you primarily just need to “Enable Enhanced Security”

Though there are other steps for WebReports, https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Web_Reports/c_web_reports_https_registry_set.html

and if you run the notification service
ID 4597 Enable TLS1.2 for Notification Service

apologies i think you are correct - i just ned to disable 1.0

This is what I need to disable TLS for bigfix web port 3000

Any idea how I can disable that

Yes, run Task ID: 4597 Enable TLS1.2 for Notification Service

if you don’t have that… Some manual old directions I had were:

  1. Open \BigFix Enterprise\BES Server\Applications\NotificationService\apps\ns-notifier\app\server\notifier_server.js
  2. Towards the bottom of that file, add the line highlighted (and don’t forget to add the comma to the end of the ‘passphrase’ line too)
  3. var options = { key: key, cert: cert, passphrase: ‘CBFACC092A654f2bBF06EF73FCA3DA41’, secureProtocol: ‘TLSv1_2_server_method’ };
  4. Identify and kill any processes associated with the NS’s notifier component