How to disable TLS1.0 and 1.1 at the message processor level?
Solved! Go to Solution.
TLS1.0 and 1.1 need to be disabled at the JVM level
Please add below properties to <install root>/apigee/customer/application/message-processor.properties file
conf/system.properties+https.protocols=TLSv1.2 conf/jvmsecurity.properties+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1
#Configure the ciphers that need to be supported by MP by below entry
communication_local.http.ssl.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Restart Message Processor
TLS1.0 and 1.1 need to be disabled at the JVM level
Please add below properties to <install root>/apigee/customer/application/message-processor.properties file
conf/system.properties+https.protocols=TLSv1.2 conf/jvmsecurity.properties+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1
#Configure the ciphers that need to be supported by MP by below entry
communication_local.http.ssl.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Restart Message Processor
@akinadiyil - can you accept the answer if this worked so that it will be useful for others
Hi,
this does not seem to work for version 4.19.x
Disabling TLSv1.0 and TLSv1.1 in de router via tokens, as in the documentation:
, did the trick.
The configuration for higher versions can be done in virtualhost configuration.
The same is present in the link you have shared.
Yes, that's true. We did it with tokens because in our case we wanted to configure it globally, not for one virtual host only.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |