How to specify the Protocol list as part of the SSLInfo in the target endpoint element?
You can specify the Protocol list as part of the SSLInfo in the target endpoint element
For example:
<HTTPTargetConnection>
  <URL>https://foo.com</URL>
  <SSLInfo>
    <Protocols>
      <Protocol>TLSv1.2</Protocol>
    </Protocols>
  </SSLInfo>
</HTTPTargetConnection>
The protocol definition in the <HTTPTargetConnection> will allow only TLS1.2 protocol to work.
@Madhumita Kumari The answer above is missing the Enabled attribute
<HTTPTargetConnection>
  <URL>https://foo.com</URL>
  <SSLInfo>
    <Enabled>true</Enabled>
    <Protocols>
      <Protocol>TLSv1.2</Protocol>
    </Protocols>
  </SSLInfo>
</HTTPTargetConnection>
Thanks for correcting @Divya Achan
See @Divya Achan's comment (this is necessary). Do note: this will only impact the outbound connection specified; it won't impact "all outbound" connections.
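As an added example (not part of the thread or of Apigee's own tooling), the Python sketch below audits target endpoint XML for the two points raised above: every HTTPS HTTPTargetConnection needs its own SSLInfo with Enabled set to true, and its Protocol list should contain only TLSv1.2. The Targets wrapper, the bar.example and legacy.example hosts, and the allow-list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ALLOWED = {"TLSv1.2"}  # assumption: the only protocol this thread wants permitted

# Constructed sample: the first answer's config, the corrected one, and a lax one.
SAMPLE = """
<Targets>
  <HTTPTargetConnection><URL>https://foo.com</URL>
    <SSLInfo><Protocols><Protocol>TLSv1.2</Protocol></Protocols></SSLInfo>
  </HTTPTargetConnection>
  <HTTPTargetConnection><URL>https://bar.example</URL>
    <SSLInfo><Enabled>true</Enabled>
      <Protocols><Protocol>TLSv1.2</Protocol></Protocols></SSLInfo>
  </HTTPTargetConnection>
  <HTTPTargetConnection><URL>https://legacy.example</URL>
    <SSLInfo><Enabled>true</Enabled><Protocols>
      <Protocol>TLSv1.1</Protocol><Protocol>TLSv1.2</Protocol>
    </Protocols></SSLInfo>
  </HTTPTargetConnection>
</Targets>
"""

def audit_target_endpoint(xml_text):
    """Return (url, finding) tuples, one connection at a time, because the
    SSLInfo settings apply only to the connection that declares them."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("HTTPTargetConnection"):
        url = (conn.findtext("URL") or "").strip()
        if not url.lower().startswith("https://"):
            continue  # nothing to audit on a non-TLS target
        ssl = conn.find("SSLInfo")
        if ssl is None:
            findings.append((url, "no SSLInfo; protocols left to platform default"))
            continue
        if (ssl.findtext("Enabled") or "").strip().lower() != "true":
            findings.append((url, "SSLInfo lacks <Enabled>true</Enabled>"))
        protocols = [(p.text or "").strip() for p in ssl.findall("Protocols/Protocol")]
        if not protocols:
            findings.append((url, "no <Protocols> list"))
        for proto in protocols:
            if proto not in ALLOWED:
                findings.append((url, "protocol outside allow-list: " + proto))
    return findings

if __name__ == "__main__":
    for url, finding in audit_target_endpoint(SAMPLE):
        print(url, "->", finding)
```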
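For Node.js-related target endpoints, you should include the secureProtocol option in the Node.js script as shown below:
var tls = require('tls');
// host and port are assumed to be defined elsewhere in the script
function handleRequest(req, resp) {
  var conn = tls.connect({
    host: host,
    port: port,
    rejectUnauthorized: false, // turns off server certificate verification
    secureProtocol: 'TLSv1.2'
  });
}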
And for the JS httpClient?
How can I enable TLSv1.2 using plain JS?
Hello - how would the configuration change if we were accessing the Edge instance on the public cloud?
If you are on public cloud, by default TLS 1.2 is enabled, so there is no need to mention it explicitly in the Target Endpoint configuration.
Thanks for your response @divyaachan. If it is enabled by default, is there a way to suppress older versions of TLS (i.e., v1.0, v1.1)?
When TLS 1.2 is enabled by default, that is the protocol that is used for outbound communication. If you have to use older versions of TLS, then you'll have to explicitly mention them in the Target configuration.
Do you know how to block on inbound connections on Edge?
@Kailash Nagarajan I would request you to please open a separate question regarding inbound connections so that it's searchable by everyone and they can benefit from the answer.
Done Divya, it can be found in the link - https://community.apigee.com/questions/57132/explicitly-supress-tlsv10-tlsv11-on-edge-on-public.html