Will Apigee support the TLS 1.2 protocol?

Hi there,

We are currently on OPDK Version 4.17.09.01.

One of my consumers is upgrading to the TLS 1.2 protocol in one to two months.

1) Will that impact existing proxies to that consumer in any way if they upgrade to the TLS 1.2 protocol?

2) If it does, could you please let us know the steps to fix this?

It will be helpful if you could answer this.

Note: we are planning to upgrade OPDK to the latest version in 2 to 3 months.


ylesyuk
Participant V

When you upgrade to 19.01, it will actually be simple and easy to configure TLS parameters.

Including enablement of one or a mix of protocols.

Have a look at this link:

https://docs.apigee.com/private-cloud/v4.19.01/configuring-ssl-management-ui#setting-optional-tls-pr...

Hi @ylesyuk ,

Thanks for the response.

Can you please let me know what the impact will be if the consumer is upgrading to TLS 1.2 and the Apigee version is 4.17.19.01?

Thanks in advance

vsphanindra
Participant II

If SSL is already enabled in your API proxy Target, upgrading to TLS 1.2 on your customer side should not impact connecting to the target endpoint.

@Siva, thanks for your response.

You mean adding the code below in <HTTPTargetConnection> in the Apigee proxy at the target endpoint flow?

<SSLInfo>
  <Enabled>true</Enabled>
  <Protocols>
    <Protocol>TLSv1.2</Protocol>
  </Protocols>
</SSLInfo>

vsphanindra
Participant II

@ramakrishna.mangi if you want to restrict Protocol to TLSv1.2 alone, yes, this needs to be in place. Otherwise it's not required.

@siva, if we remove the protocol tag, then that will support all protocols from the consumer, right?

@siva, just to double check: if we add the below in the Apigee proxy at the target endpoint flow, then that will allow all protocols from the consumer, right?

<SSLInfo>
  <Enabled>true</Enabled>
  <Protocols>
  </Protocols>
</SSLInfo>

Or, without adding the above, will it not support TLS 1.2 requests from the consumer?

Our OPDK version is 4.17.09.01.

vsphanindra
Participant II

@ramakrishna.mangi yes, if no protocols are given, then it allows TLSv1.2 as well, and the code below will work:

<SSLInfo>
  <Enabled>true</Enabled>
</SSLInfo>
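
An added example, not part of the thread and not Apigee tooling: a Python check that reads a TargetEndpoint definition and reports which of the three <SSLInfo> variants posted above it contains. <SSLInfo> under <HTTPTargetConnection> configures the connection from the proxy to the target. The function name, the sample XML, the backend URL and the set of protocol names flagged as legacy are constructed for illustration; treating an empty or absent <Protocols> as unrestricted follows the replies above.

```python
import xml.etree.ElementTree as ET

# Protocol names flagged as legacy (an assumption of this example).
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

def audit_sslinfo(target_endpoint_xml):
    """Classify <SSLInfo> inside <HTTPTargetConnection> of a TargetEndpoint."""
    root = ET.fromstring(target_endpoint_xml)
    conn = root.find(".//HTTPTargetConnection")
    if conn is None:
        return {"status": "no-target-connection", "protocols": [], "legacy": []}
    info = conn.find("SSLInfo")
    enabled = info is not None and \
        (info.findtext("Enabled") or "").strip().lower() == "true"
    if not enabled:
        return {"status": "sslinfo-not-enabled", "protocols": [], "legacy": []}
    # An empty <Protocols/> and a missing one both yield an empty list here.
    protocols = [p.text.strip() for p in info.findall("Protocols/Protocol")
                 if p.text and p.text.strip()]
    status = "restricted" if protocols else "unrestricted"
    return {"status": status, "protocols": protocols,
            "legacy": sorted(set(protocols) & LEGACY)}

def sample(sslinfo):
    """Wrap an <SSLInfo> fragment in a constructed TargetEndpoint."""
    return ("<TargetEndpoint name='default'><HTTPTargetConnection>"
            + sslinfo + "<URL>https://backend.example.com/v1</URL>"
            "</HTTPTargetConnection></TargetEndpoint>")

# Constructed samples mirroring the variants posted in the thread.
SAMPLES = {
    "tls12_only": sample("<SSLInfo><Enabled>true</Enabled><Protocols>"
                         "<Protocol>TLSv1.2</Protocol></Protocols></SSLInfo>"),
    "empty_protocols": sample("<SSLInfo><Enabled>true</Enabled>"
                              "<Protocols> </Protocols></SSLInfo>"),
    "no_protocols": sample("<SSLInfo><Enabled>true</Enabled></SSLInfo>"),
    "mixed": sample("<SSLInfo><Enabled>true</Enabled><Protocols>"
                    "<Protocol>TLSv1</Protocol><Protocol>TLSv1.2</Protocol>"
                    "</Protocols></SSLInfo>"),
    "no_sslinfo": sample(""),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, audit_sslinfo(xml_text))
```

Running this over exported proxy bundles before a protocol change shows which target endpoints pin a protocol list and which leave the choice to the runtime defaults.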