问题描述
如何为glassfish管理控制台(admin-listener,端口4848,jdk1.8.0_261)禁用TLS1.0和TLS1.1?
我不想在服务器级别(/usr/java/jdk1.8.0_261-amd64/jre/lib/security/java.security)禁用它,因为它可能会影响在其上运行的应用程序。因此,我正在寻找一种在侦听器端禁用TLS1.0和TLS1.1的方法。
当我尝试通过命令行禁用它时,它抛出以下错误:
[root@appweb home]# /opt/glassfish5/glassfish/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.admin-listener.ssl.tls-enabled=false
Enter admin user name> admin
Enter admin password for user "admin">
remote failure: No configuration found for configs.config.server-config.network-config.protocols.protocol.admin-listener.ssl
Command set Failed.
[root@appweb home]#
解决方法
我通过和asadmin玩了一段时间找到了解决方案。这是最终结果:
[root@appweb]# /opt/glassfish5/glassfish/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls-enabled=false
Enter admin user name> admin
Enter admin password for user "admin">
configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls-enabled=false
Command set executed successfully.
[root@appweb]#
[root@appweb]# /opt/glassfish5/glassfish/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls11-enabled=false
Enter admin user name> admin
Enter admin password for user "admin">
configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls11-enabled=false
Command set executed successfully.
[root@appweb]#
然后,重新启动glassfish服务。
这将为在端口4848上运行的glassfish管理控制台禁用TLS1.0和TLS1.1。 此外,还提供以下解决方案:https://www.tenable.com/plugins/nessus/104743