rsingh
September 4, 2020, 3:18pm
1
for PCI compliance i have been asked to turn off - i did turn off and was unable to login to bigfix and had to restore the VM. has anyone run into these issues when they had to turn off. I have Bigfix version 10.0.1.41
TLS 1.0 & 1.2
RC4 cipher
SSL3
You sure the intent wasn’t to turn off the 1.0 and 1.1, leaving only tls 1.2 enabled?
I echo Jason’s comment. 1.2 should be on.
From BES, you primarily just need to “Enable Enhanced Security”
Though there are other steps for WebReports, https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Web_Reports/c_web_reports_https_registry_set.html
and if you run the notification service
ID 4597 Enable TLS1.2 for Notification Service
rsingh
September 4, 2020, 7:12pm
4
apologies i think you are correct - i just ned to disable 1.0
rsingh
September 7, 2020, 11:14am
5
This is what I need to disable TLS for bigfix web port 3000
Any idea how I can disable that
Yes, run Task ID: 4597 Enable TLS1.2 for Notification Service
if you don’t have that… Some manual old directions I had were:
Open \BigFix Enterprise\BES Server\Applications\NotificationService\apps\ns-notifier\app\server\notifier_server.js
Towards the bottom of that file, add the line highlighted (and don’t forget to add the comma to the end of the ‘passphrase’ line too)
var options = { key: key, cert: cert, passphrase: ‘CBFACC092A654f2bBF06EF73FCA3DA41’, secureProtocol: ‘TLSv1_2_server_method’ };
Identify and kill any processes associated with the NS’s notifier component