Applicable Versions
This document now applies only to exacqVision Web service 8.8 and earlier. Beginning with version 9.0, the web service no longer uses Apache. If you need to disable TLS 1.0 we recommend the use of a web service gateway. The steps in configuring a web service gateway are detailed in Configuring Nginx or Apache as a Web Service Gateway
<br>
Description
Disabling TLS 1.0 is regularly recommended by security scans. The following steps explain how to disable TLS 1.0.
Note: While TLS1.0 is insecure, it is required for IE8-10 to work by default. Users of those browsers have the ability to enable support for TLS1.1 or 1.2 in their browser settings, but it will have to be done for each user.
<br>
To disable TLS 1.0 in the web service:
- Using a text editor, open the file C:\Program Files (x86)\exacqVision\WebService\Apache\conf\extra\httpd-ssl.conf or /etc/evapache/extra/httpd-ssl.conf.
- Search for the line starting with SSLProtocol. By default, this line looks like: SSLProtocol all -SSLv2 -SSLv3
- Edit the line to add -TLSv1. For example, the line would now look like SSLProtocol all -SSLv2 -SSLv3 -TLSv1
- Save the edited file.
- Restart the web service.
There are many variations of security protocol configuration that can be applied to meet a specific user’s needs, many of which fall outside the scope of a KB. Interested individuals should reference Apache’s documentation on configuring the SSL module: https://httpd.apache.org/docs/2.4/en/ssl/
<br>