We want to use only the TLS1.2 protocol for all the incoming SSL connections from our clients to the nginx router and EdgeUI.
We are on Private Cloud version 4.16.01.00. Is it possible by changing the config on the nginx router? If yes, can you please provide the instructions to do this?
Yes, we can change the SSL connections to the router/edge to only allow the TLS1.2 protocol.
This is controlled by the parameter ssl_protocols, whose default values are set as follows in the /<inst-root>/nginx/conf.d/0-default.conf file:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
/<inst_root>/apigee/customer/application/router.properties
conf_load_balancing_load.balancing.driver.server.ssl.protocols=TLSv1.2
/<inst_root>/apigee/apigee-service/bin/apigee-service edge-router restart
ssl_protocols TLSv1.2;
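A way to confirm the result after the restart, as an added example that is not part of the original answer: a shell function that reads nginx configuration text and flags every ssl_protocols directive that allows anything other than TLSv1.2. The function name, exit codes and sample inputs are constructed for illustration, and it assumes each directive sits on a single line.

```shell
#!/bin/sh
# Added example: audit nginx config text for ssl_protocols directives.
# Exit status: 0 = every directive allows TLSv1.2 only,
#              1 = at least one directive allows another protocol,
#              2 = no ssl_protocols directive found in the input.
audit_ssl_protocols() {
    awk '
        { sub(/#.*/, "") }                  # ignore comments
        $1 == "ssl_protocols" {
            found = 1; bad = ""
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;.*/, "", p)   # strip the trailing semicolon
                if (p != "" && p != "TLSv1.2")
                    bad = bad (bad == "" ? "" : ",") p
            }
            if (bad == "") printf "line %d: OK\n", NR
            else { printf "line %d: WEAK %s\n", NR, bad; weak = 1 }
        }
        END { if (!found) exit 2; exit (weak ? 1 : 0) }
    '
}

# Constructed sample inputs (not taken from a real installation).
DEFAULT_CONF='ssl_protocols TLSv1 TLSv1.1 TLSv1.2;'
HARDENED_CONF='server {
    listen 443 ssl;
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2;
}'

printf '%s\n' "$DEFAULT_CONF" | audit_ssl_protocols || echo "default: legacy protocols still enabled"
printf '%s\n' "$HARDENED_CONF" | audit_ssl_protocols && echo "hardened: TLSv1.2 only"
```

Run it once per file, for example `audit_ssl_protocols < /<inst-root>/nginx/conf.d/0-default.conf`, so the reported line numbers match the file being checked.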
Hi @AMAR DEVEGOWDA,
For 2-way TLS, you should also update the VHOST configuration.
For 2-way, if the TLS offloading is on the load balancer, then you can skip it. But if the offloading is on the ROUTER, then you must also update the VHOST.
<Protocols><Protocol>TLSv1.1</Protocol><Protocol>TLSv1.2</Protocol></Protocols>
Thanks and Regards,
Gaurav Bhandari