Disable TLS1.0 and TLS1.1 in hawk2
This document (000019803) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server for SAP Applications 12 SP3 - 12 SP4 - 12 SP5
The steps to disable TLS are different depending on the version of hawk2 that is installed.
Steps for both versions will be outlined below.
The options to disable TLS were added beginning with the Nov 19 2020 release of hawk2 version:
hawk2-2.2.1+git.1604928548.070a8e0c-3.15.1.x86_64However, it is recommended to NOT use the above hawk2 package
as there is a bug which causes High CPU usage on that version.
SUSE recommends this hawk2 version or newer:
hawk2-2.3.0+git.1607523195.05cd3222-3.18.1The steps to disable TLS1.0/1.1 on this version are:
1. Edit the file:
2. Set the variables below to true:
HAWK_NO_TLSV1="true" HAWK_NO_TLSV1_1="true"3. Restart hawk2:
systemctl restart hawk
With the Nov 19 2020 release of hawk2 version:
To disable both TLS1.0 and TLS1.1 follow these steps:
1. Stop the hawk2 service:
systemctl stop hawk
2. Edit the file:
Find the line that is currently:
ssl_bind @listen, @port, cert: @cert, key: @key, verify_mode: 'none'
Add this text to the end of that line:
,no_tlsv1_1: true, no_tlsv1: true
The line should then look like:
ssl_bind @listen, @port, cert: @cert, key: @key, verify_mode: 'none', no_tlsv1_1: true, no_tlsv1: true
3. Start hawk2:
systemctl start hawk
Test that TLS1.0 and TLS1.1 are disabled with openssl:
openssl s_client -tls1_1 -connect localhost:7630
openssl s_client -tls1 -connect localhost:7630
The failed results will show:
139882563065488:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
no peer certificate available
A successful connection will show "Server certificate" info.
SUSE recommends updating to this hawk version or newer:
hawk2-2.2.1+git.1604928548.070a8e0c-3.15.1.x86_64causes ruby to use excessive CPU or high CPU load.
SUSE recommends to use newer hawk2 versions listed above.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000019803
- Creation Date: 16-Dec-2020
- Modified Date:16-Dec-2020
- SUSE Linux Enterprise High Availability Extension
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server for SAP Applications
For questions or concerns with the SUSE Knowledgebase please contact: email@example.com