Disable TLS 1.2 on VMware Unified Access Gateway (UAG)

I was asked today about how to change the TLS settings on a UAG appliance. While I wouldn’t recommend doing this unless you really know what you’re doing, I figured that it would be a good example of how to use the REST API to modify the settings on a UAG.

Log in to the UAG GUI via https://{IP Address}:9443/admin

Go to the System Configuration

Within the System configuration you can see that TLS 1.2 is enabled.

When you try to disable TLS 1.2 in the GUI, you will find that the option itself is disabled and cannot be changed.

API GET

The settings that you can’t change in the GUI (particularly TLS 1.2) can be changed via the API. I choose to use the Postman API tool, and that is what this guide will focus on. Use the API GET command to first review the current settings. To validate the API, go to
https://{IP Address}:9443/rest/swagger.yaml

Once you open Postman, type in the UAG API URL:
https://{IP Address}:9443/rest/v1/config/system

Select Basic Auth and type in your username and password.

Select the Headers tab and add a Key for “Content-Type” with a value of “application/json“.

Click “Send” and you will get the results in the window below, in JSON format.

API PUT

Now that you have validated the existing config and retrieved a properly formatted JSON block with the correct settings, you can use the PUT command to make the necessary changes.

Copy the JSON block and then change the API call from GET to PUT.

Open the “Body” tab, select the “raw” input method and change the input type to “JSON (application/json)“.

Paste the JSON block into the window below and change the “tls12Enabled” value to false.

Click “Send” and the results will be displayed in the bottom window.

You can now log back into the UAG system configuration and the TLS 1.2 setting is disabled.
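
The same GET, edit, PUT sequence scripted in Python, as an added example that is not from the original post or from VMware. The function names (plan_update, call, disable_tls12), the sample config, the cafile parameter and the assumption that the other TLS toggles are named like tls12Enabled are all hypothetical; only the endpoint, the Basic Auth and Content-Type header, and the “tls12Enabled” key come from the steps above. It refuses the change if no TLS version would remain enabled, and it re-reads the config after the PUT to confirm the result.

```python
import base64, json, re, ssl, urllib.request

# Constructed sample of a GET /rest/v1/config/system result (not real output).
# Only "tls12Enabled" is from the post; the other keys are assumptions.
SAMPLE = {"tls10Enabled": False, "tls11Enabled": True,
          "tls12Enabled": True, "exampleSetting": "unchanged"}
TLS_KEY = re.compile(r"^tls\d+Enabled$")  # assumed naming of the TLS toggles

def plan_update(current, key="tls12Enabled", value=False):
    """Build the PUT body from the GET result; return (body, diff)."""
    if key not in current:
        raise KeyError(f"{key} missing from config; check swagger.yaml")
    body = dict(current)          # send every field back, change only one
    body[key] = value
    if not any(v is True for k, v in body.items() if TLS_KEY.match(k)):
        raise ValueError("refusing: no TLS version would remain enabled")
    diff = {k: (current[k], body[k]) for k in body if current[k] != body[k]}
    return body, diff

def call(base, user, password, method="GET", body=None, cafile=None):
    """GET or PUT /rest/v1/config/system with Basic Auth and cert checks."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: appliance CA
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"{base}/rest/v1/config/system", method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}

def disable_tls12(base, user, password, cafile=None):
    """GET, change one field, PUT, then GET again to confirm the change."""
    current = call(base, user, password, cafile=cafile)
    body, diff = plan_update(current)
    print("about to change:", diff)
    call(base, user, password, "PUT", body, cafile)
    return call(base, user, password, cafile=cafile).get("tls12Enabled") is False

if __name__ == "__main__":
    body, diff = plan_update(SAMPLE)  # offline dry run on the sample
    print(json.dumps(body, indent=2), diff)
```

Run as a script it only performs the offline dry run on the sample; disable_tls12 takes the base URL in the form https://{IP Address}:9443.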
