1). Make sure you have enabled SSL for Webconsole as detailed in Article 000030978.
2). Add the following property in your Hawk Webconsole Tomcat config SSL Connector.
HAWK_HOME/webconsole/tomcat/conf/server.xml
sslEnabledProtocols="TLSv1.2"
Example : Entry in my environment
==========
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="10" scheme="https" secure="true"
keystoreFile="E:/tibco/hawk520/hawk/5.2/webconsole/keystore" keystorePass="password" sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2" ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA" keyAlias="tomcat"
aliasPass="password"/>
==========
To disable Insecure Renegotiation you need to disable the TLS protocol and enable the more secured TLS 1.2
After enabling sslEnabledProtocols, you can see with tls1
Secure Renegotiation IS NOT supported.============================================================================================
C:\>openssl.exe s_client -connect localhost:8443 -tls1
Loading 'screen' into random state - done
CONNECTED(00000170)
80412:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:.\ssl\s3_pkt.c:348:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1492720535
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---============================================================================================
C:\>openssl.exe s_client -connect localhost:8443 -tls1_2
Loading 'screen' into random state - done
CONNECTED(00000170)
depth=0 C = admin, ST = admin, L = admin, O = admin, OU = admin, CN = admin
verify error:num=18:self signed certificate
verify return:1
depth=0 C = admin, ST = admin, L = admin, O = admin, OU = admin, CN = admin
verify return:1
---
Certificate chain
0 s:/C=admin/ST=admin/L=admin/O=admin/OU=admin/CN=admin
i:/C=admin/ST=admin/L=admin/O=admin/OU=admin/CN=admin
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDXzCCAkegAwIBAgIES5XT+zANBgkqhkiG9w0BAQsFADBgMQ4wDAYDVQQGEwVh
ZG1pbjEOMAwGA1UECBMFYWRtaW4xDjAMBgNVBAcTBWFkbWluMQ4wDAYDVQQKEwVh
ZG1pbjEOMAwGA1UECxMFYWRtaW4xDjAMBgNVBAMTBWFkbWluMB4XDTE3MDQyMDIw
MjE1N1oXDTE3MDcxOTIwMjE1N1owYDEOMAwGA1UEBhMFYWRtaW4xDjAMBgNVBAgT
BWFkbWluMQ4wDAYDVQQHEwVhZG1pbjEOMAwGA1UEChMFYWRtaW4xDjAMBgNVBAsT
BWFkbWluMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALXtOyZy6ka0uKK90KIEpzELT/aiKbE39JHFI/yd9NHgqSJ4hdW6nOq7
L+mvAlopTnqvTNPFoy3VZowr/pSYsX461Byt7YiTslszqvmDivSIPp/RMPYa7MDw
lw6OcKM6FxnC+OxguGGEVkmvQ2my0QVDHT4OWCNMr2MeOTZE1XPTDtqbNMfMdO9p
I8frDSGTIsiiaet0KUJuB4mQg29jHAUyXzQ3jh9kZSj5V0NBeJqGV5pAPjv+5I9l
L5qyqYN9j+nk4WmPw8UehzfCEfxG+jCZVfzA1GWGSkJqOH5BJHtkBDsah54Ecikr
DbVZ8az62ChWtaUdQ29z081cFT5oWDMCAwEAAaMhMB8wHQYDVR0OBBYEFEN4lZv+
3IswYKnzbKvRRL12jHpDMA0GCSqGSIb3DQEBCwUAA4IBAQBkKkuBSXWuG2Vskfbv
OCixlwx+XI2onDmMT3QTA9ePLg4cefGYJoyFSFzP3i2sdaJYibFL+BQ9D4wccS8N
TM9a8Dom/CYyAtZdtIrm+4HcNfbhN2ddqOjKlom9wc4KbeZ5xfttcqc5KosJOPvj
iK+6oi1MathnCfqGE+5vQuBjevmpwbzMFJuH/jgeHNXjOqGYI2uASklBYeJ5Ti1i
QZVKX0WLl+/p+RiF1zFGhbTqcrluheXEDeXsqV+gtYKgUd5EHtgEPRdZiRHIJCeH
gaO3HI/8t0ZxGIygNdt2HCoGo8FuFRcaN1v9kJJADqYtalKYjLEYEjYQAphWm3Qa
cCX1
-----END CERTIFICATE-----
subject=/C=admin/ST=admin/L=admin/O=admin/OU=admin/CN=admin
issuer=/C=admin/ST=admin/L=admin/O=admin/OU=admin/CN=admin
---
No client certificate CA names sent
---
SSL handshake has read 1696 bytes and written 503 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES128-SHA
Session-ID: 58F91DCB4C833F290BB4BEA68AF0B82973D639352B4E0947F935C2C786784E17
Session-ID-ctx:
Master-Key: FF608BA2CD2C7D4DC804C29AD17796460866098B8CC854B6C99B2B67ACB51B11A5ADAC05A054340924173085F2BAE68C
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1492721099
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
read:errno=10093