Key Trustee Ships as a self contained product. While the front end of Key Trustee can and does support TLS 1.2 the postgreSQL version that presently ships with Key Trustee has no support for cipher enforcement. Even though it is capable of supporting TLS 1.2 other cipher specs cannot be forcefully disabled.   If your goal is to ensure that all of the components on your system use only TLS 1.2 you should be advised that the security scanners will continue to report other TLS versions for the release of postgreSQL that currently ships with Key Trustee even with available work arounds. We also do not provide any UI based methods for altering the TLS configuration for the backing Key Trustee Database. You will need to reach out through normal support channels to obtain the work around we can provide.   The KT service exports the following parameters along with others during startup to the environment. You should not attempt to update any part of the parcel content. Note where the python home is located.   export KEYTRUSTEE_PYTHONHOME=$KEYTRUSTEE_SERVER_DIRNAME/lib/python2.6 export KEYTRUSTEE_PYTHONPATH=$KEYTRUSTEE_PYTHONHOME/lib:$KEYTRUSTEE_PYTHONHOME/site-packages export PYTHONPATH=$KEYTRUSTEE_PYTHONPATH:$KEYTRUSTEE_SERVER_DIRNAME export BIN=${KEYTRUSTEE_SERVER_DIRNAME}/bin export KEYTRUSTEE_PYTHON=${BIN}/python export CRYPTOGRAPHY_ALLOW_OPENSSL_100=True   The parcel presently ships with pyOpenSSL-0.14.   KEYTRUSTEE_PYTHONHOME/site-packages/pyOpenSSL-0.14-py2.6.egg-info   Please show us the documentation you are referencing and also please be advised that there are various other components which also use python through out the platform. ... View more