Solved: Supported versions of TLS in Apigee X

Renuka_atnoor · 07-24-2023 01:02 PM

Hi All,

Can we use TLS 1.3v in Apigee X for the cloud, As per the Apigee edge documentation supported-versions-of-tls it is mentioned that:

Edge in the Cloud: Supports TLS version 1.2 only. Support for TLS versions 1.0 and 1.1 for the Cloud has been retired. TLS-retirement
Edge in the Private Cloud: Supports TLS versions 1.0, 1.1, and 1.2.

But we'd like to know the info for Apigee X.

Can anyone please help with the above query?

@kurtkanaskie @dchiesa1 @dknezic @shrenikkumar-s @Peeyush_Singhai @Manisha_Chennu

dchiesa1

Yes, you can use TLS 1.3 for Apigee X.

In Apigee X, there are inbound connections (client to Apigee) and outbound connections (Apigee to upstream target). The TLS configuration is done differently for these two different connections.

the TLS for inbound connections is managed by the Google Cloud Load Balancer that you use. Configure the load balancer with a profile that restricts the version of TLS it will accept. See the documentation here.
The TLS for outbound (upstream) connections is managed via the SSLInfo on the TargetEndpoint. For this, configure the TLS settings in the SSLInfo element of your HTTPTargetConnection. You can restrict TLS versions and/or ciphers.

View solution in original post

dchiesa1

Yes, you can use TLS 1.3 for Apigee X.

In Apigee X, there are inbound connections (client to Apigee) and outbound connections (Apigee to upstream target). The TLS configuration is done differently for these two different connections.

the TLS for inbound connections is managed by the Google Cloud Load Balancer that you use. Configure the load balancer with a profile that restricts the version of TLS it will accept. See the documentation here.
The TLS for outbound (upstream) connections is managed via the SSLInfo on the TargetEndpoint. For this, configure the TLS settings in the SSLInfo element of your HTTPTargetConnection. You can restrict TLS versions and/or ciphers.