Applies to: 

MF AutoPass License Server


Issue: 

TLS 1.0 is disabled and we need to communicate on 1.2


Solution: 


You can implement TLS 1.2 by the following tasks on the Autopass server: 

  1. Stop the “HPE AutoPass License Server” service
  2. Navigate to the path: <drive>\Program Files\HP\HP AutoPass License Server\HP AutoPass License Server\HP AutoPass License Server\conf
  3. Copy the file “server.xml” to a safe location. This is your backup.
  4. Open the “server.xml” for editing
  5. Locate the following text in the middle of the file:
    <!-- sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"-->
  6. Change the value string to an active element…

<Connector executor="tomcatThreadPool" compression="on" compressionMinSize="128" compressableMimeType="text/html, text/xml,text/plain,text/javascript,text/css," port="5814" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystoreFile="C:\Program Files\HP\HP AutoPass License Server/HP AutoPass License Server/HP AutoPass License Server/conf/keystore.jks" keystorePass="autopass" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" clientAuth="false" sslProtocol="TLS" connectionTimeout="20000" keepAliveTimeout="5000" server="HPE AutoPass License Server">

<sslEnabledProtocols>TLSv1,TLSv1.1,TLSv1.2</sslEnabledProtocols>

</Connector>


    By default all TLS protocols SHOULD be enabled

    7. Remove the values “TLSv1” and “TLSv1.1” from the line: 

        <sslEnabledProtocols>TLSv1.2</sslEnabledProtocols>

    8. Save the file

    9. Start the “HPE AutoPass License Server” service


NOTE: 

MF Has supplied a hotfix for this issue.  Please contact MF Support and ask for hotfix.  Each version will probably be different.