DWS configuration for TLS

Devices connected to DWS are automatically set up to use the same or a higher version of TLS. For improved security, you can disable older versions of TLS that are not in use. To do this on DWS, edit the server.xml file by following these steps. See the Apache Tomcat documentation for more information about the web server used by DWS.

  1. Go to the Integrated\DWS\webserver\conf folder, for example C:\Windows\System32\config\systemprofile\AppData\Local\Nuance\Integrated\DWS\webserver\conf.
  2. Open server.xml in a text editor.
  3. Locate the following string:
    sslEnabledProtocols="+TLSv1+TLSv1.1+TLSv1.2+SSLv2Hello"

    There are two instances of this string. The versions of TLS that the server supports are preceded by +. If a version is preceded by -, it is disabled on the server. By default, TLS 1.0, 1.1, and 1.2 are supported.

  4. To disable a version of TLS, change the + in front of the version to a -. For example, with the following string only TLS 1.2 is supported:
    sslEnabledProtocols="-TLSv1-TLSv1.1+TLSv1.2+SSLv2Hello"

    Both instances of sslEnabledProtocols must be updated, and the strings must match.

  5. Save and close server.xml.
  6. Restart DWS.
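
The check below is an added example, not part of the original page or of DWS: it reads a server.xml, confirms that there are two matching sslEnabledProtocols values, and reports any instance that still enables TLS 1.0 or 1.1. The embedded server.xml, its ports and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape the page describes: two connectors carrying
# sslEnabledProtocols. Ports and the other attributes are placeholders.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
               sslEnabledProtocols="-TLSv1-TLSv1.1+TLSv1.2+SSLv2Hello"/>
    <Connector port="8444" SSLEnabled="true"
               sslEnabledProtocols="+TLSv1+TLSv1.1+TLSv1.2+SSLv2Hello"/>
  </Service>
</Server>
"""

LEGACY = ("TLSv1", "TLSv1.1")  # the versions the page's example disables
TOKEN = re.compile(r"([+-])([A-Za-z0-9.]+)")


def parse_protocols(value):
    """Map each protocol name in a +/- string to True (enabled) or False."""
    return {name: sign == "+" for sign, name in TOKEN.findall(value)}


def audit(server_xml_text):
    """Return findings for every live (non-commented) sslEnabledProtocols."""
    root = ET.fromstring(server_xml_text)
    values = [el.get("sslEnabledProtocols") for el in root.iter()
              if el.get("sslEnabledProtocols") is not None]
    findings = []
    if len(values) != 2:
        findings.append(f"expected 2 instances, found {len(values)}")
    if len(set(values)) > 1:
        findings.append("instances do not match")
    for index, value in enumerate(values, start=1):
        enabled = parse_protocols(value)
        for name in LEGACY:
            if enabled.get(name, False):
                findings.append(f"instance {index}: {name} still enabled")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_SERVER_XML) or ["OK: legacy versions disabled, instances match"]:
        print(line)
```

Because the file is parsed as XML, connectors that are commented out in server.xml are ignored and only the settings the server actually loads are checked.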