This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to restrict Edge UI to accept only TLS v1.1 and v1.2

Posted on 03-14-2018 09:48 PM
akashtp
Staff
Reply posted on --/--/---- --:-- AM

How do I restrict Edge UI/Developer portal to accept only TLS v1.1 and v1.2 and do not wish to allow TLS v1.0 connections.

0 1 394
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
akashtp
Staff
Reply posted on --/--/---- --:-- AM

At this point there's no direct way to achieve this. We already have a feature request for this.
This feature request will be reviewed by engineering and will be prioritized. Please note that there is no ETA on feature requests.

You can disable cipher and protocols at java runtime level which will be applied to edge-ui or management API if it is running on that java.

To disable protocols and ciphers on Java runtime level.

http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#DisabledAlgori...
which says we can control the protocol and cipher to be used by the ssl handshake with clients by the properties:
----------
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1
----------
on the java.security file:
e.g.

/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.x86_64/jre/lib/security/java.security

0 Likes