This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to disable TLS1.0 and 1.1 at the Message Processor level ?

Posted on 10-20-2017 01:32 PM
Not applicable
Reply posted on --/--/---- --:-- AM

How to disable TLS1.0 and 1.1 at the message processor level?

Solved Solved
1 5 962
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

TLS1.0 and 1.1 need to be disabled at the JVM level

Please add below properties to <install root>/apigee/customer/application/message-processor.properties file

conf/system.properties+https.protocols=TLSv1.2 conf/jvmsecurity.properties+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1

#Configure the ciphers that need to be supported by MP by below entry

communication_local.http.ssl.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Restart Message Processor

View solution in original post

Jump to Solution
5 REPLIES 5

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

TLS1.0 and 1.1 need to be disabled at the JVM level

Please add below properties to <install root>/apigee/customer/application/message-processor.properties file

conf/system.properties+https.protocols=TLSv1.2 conf/jvmsecurity.properties+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1

#Configure the ciphers that need to be supported by MP by below entry

communication_local.http.ssl.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Restart Message Processor

Jump to Solution

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to
Reply posted on --/--/---- --:-- AM

@akinadiyil - can you accept the answer if this worked so that it will be useful for others

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
mcdoctore
New Member
Reply posted on --/--/---- --:-- AM

Hi,

this does not seem to work for version 4.19.x

Disabling TLSv1.0 and TLSv1.1 in de router via tokens, as in the documentation:

https://docs.apigee.com/api-platform/system-administration/creating-virtual-host#virtualhostconfigur...

, did the trick.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to mcdoctore
Reply posted on --/--/---- --:-- AM

The configuration for higher versions can be done in virtualhost configuration.

The same is present in the link you have shared.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
mcdoctore
New Member
In response to
Reply posted on --/--/---- --:-- AM

Yes, that's true. We did it with tokens because in our case we wanted to configure it globally, not for one virtual host only.

Jump to Solution
0 Likes