TLS Security Configuration

LLS supports SSL communication over TLS 1.3, and over TLS 1.2 for backward compatibility. Changing the TLS Security Configuration is OPTIONAL and can be done either before or after LLS is installed.

Before you begin

You have downloaded the installer package. See Downloading the installer package.

About this task

  • LLS supports SSL communication over TLS 1.3, and over TLS 1.2 for backward compatibility.
  • By default, LLS runs in SECURED mode, which allows SSL communication over TLS 1.2 with strong cipher suites only and also supports SSL communication over TLS 1.3.
  • TLS has 3 configuration modes: BASIC, SECURED and MODERN.
    1. BASIC - Allows SSL communication over TLS 1.2 with all cipher suites and also supports TLS 1.3 connections. This setting is generally not recommended for modern environments. However, it can be enabled for legacy systems that require support for a broader range of cipher suites within TLS 1.2.
    2. SECURED - Allows SSL communication over TLS 1.2 with strong cipher suites only and also supports TLS 1.3 connections.
    3. MODERN - Allows SSL communication over TLS 1.3 only, with automatic cipher selection.
      Note:
      Not every operating system supports all TLS protocols. Base your TLS protocol choice on the underlying operating system and confirm that it supports the TLS protocol you require.

Procedure

  1. Extract the installer package:
    • On Windows, use a zip program such as WinZip.
    • On Linux, enter the following command:
      tar -xvzf packageName
  2. Go to the directory where the config.json file is located.
  3. In the config.json file, tls_mode is set to SECURED by default:
    "security": {
        "tls_mode": "SECURED"
    }
  4. Set tls_mode to BASIC, SECURED or MODERN, according to the required configuration mode:
    "TLS configuration modes:",
    "BASIC - TLS 1.2 with all cipher suites and also supports TLS 1.3 protocol connections. This setting is generally not recommended for modern environments. However, it can be enabled for legacy systems that require support for a broader range of cipher suites within TLS1.2.",
    "SECURED - TLS 1.2 with strong cipher suites only, and also supports TLS 1.3 connections",
    "MODERN - TLS 1.3 only, with automatic cipher selection"
    Note:
    Restart the LLS Service whenever changes are made to the config.json file after installation.

    On Windows, open Windows Services (services.msc) to start / stop / restart the LLS Service.

    On Linux, enter the following commands to start / stop / restart the LLS service:

    systemctl stop HCL-Local-License-Server-5.2.service
    systemctl start HCL-Local-License-Server-5.2.service
    systemctl restart HCL-Local-License-Server-5.2.service
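
After the restart, the configured mode can be checked against what the listener actually negotiates. The following is an added example, not part of the LLS product or its documentation: it reads tls_mode from config.json and attempts one handshake pinned to TLS 1.2 and one pinned to TLS 1.3. The script name, the host and port arguments, and the sample configuration are assumptions; it checks protocol versions only, not the cipher-suite difference between BASIC and SECURED.

```python
import json, socket, ssl, sys

# Constructed sample input; the real config.json has more keys than this.
SAMPLE_CONFIG = '{"security": {"tls_mode": "SECURED"}}'

# Protocol versions each mode should accept, per the mode descriptions above.
EXPECTED = {
    "BASIC":   {"TLSv1.2": True,  "TLSv1.3": True},
    "SECURED": {"TLSv1.2": True,  "TLSv1.3": True},
    "MODERN":  {"TLSv1.2": False, "TLSv1.3": True},
}
VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def read_tls_mode(config_text):
    """Return security.tls_mode; assumes the exact upper-case names shown above."""
    mode = json.loads(config_text)["security"]["tls_mode"]
    if mode not in EXPECTED:
        raise ValueError(f"unknown tls_mode {mode!r}")
    return mode

def probe(host, port, version, timeout=5.0):
    """True if the listener completes a handshake pinned to one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # probe only: this tests protocol support,
    ctx.verify_mode = ssl.CERT_NONE  # not the certificate, so send no data
    ctx.minimum_version = version
    ctx.maximum_version = version
    # An unreachable service raises here instead of counting as "rejected".
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
        except (ssl.SSLError, OSError):
            return False

def mismatches(mode, observed):
    """Versions whose observed acceptance differs from what the mode implies."""
    return [f"{v}: expected {'accept' if want else 'reject'}, "
            f"observed {'accept' if observed[v] else 'reject'}"
            for v, want in EXPECTED[mode].items() if observed[v] != want]

if __name__ == "__main__":  # usage: check_tls.py <config.json> <host> <port>
    with open(sys.argv[1]) as fh:
        mode = read_tls_mode(fh.read())
    seen = {n: probe(sys.argv[2], int(sys.argv[3]), v) for n, v in VERSIONS.items()}
    problems = mismatches(mode, seen)
    print(mode, seen, problems or "consistent")
    sys.exit(1 if problems else 0)
```

A non-zero exit in MODERN mode with "TLSv1.2: expected reject, observed accept" usually means the service was not restarted after config.json was edited.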