Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

How to Disable TLS 1.0 and 1.1 in CSR Server

From Content Security Reporter 2.9.x

When you perform an audit scan of your CSR server, you see that TLS 1.0 and 1.1 are enabled, and port 9121 is in use.
CSR server allows connections with TLS 1.1, TLS 1.2, and TLS 1.3. By default, TLS 1.0 is disabled.

The problem is to disable TLS 1.0 and 1.1 on the CSR Server and ensure compliance.


To disable TLS 1.1, and ensure 1.0 is disabled, perform the steps below:

  1. Navigate to C:\Program Files\Skyhigh\Content Security Reporter\reporter\jboss\bin.
  2. Create a backup of, and place the backup in a safe location.
  3. Open in a text editor of your choice.
  4. Locate the following entry:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, \ EC keySize < 224, 3DES_EDE_CBC, anon, NULL

NOTE: In this example, TLS 1.0 is already listed as disabled (TLSv1).

  1. Edit the entry to the following:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, \EC keySize < 224, 3DES_EDE_CBC, anon, NULL

  1. Restart the CSR service.
  • Was this article helpful?