Tactical ExtensibleSocketConnectorAssertion-1.0.0 Assertion Option for TLS versions selection

search cancel

Tactical ExtensibleSocketConnectorAssertion-1.0.0 Assertion Option for TLS versions selection

book

Article ID: 204146

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

When we open an inbound tcp port with SSL enabled setting via Tactical ExtensibleSocketConnectorAssertion-1.0.0 Assertion, is there any way to enable or disable TLS versions (TLS 1.0, TLS 1.1, TLS 1.2).

Environment

Release : 9.4

Component : API GATEWAY

Resolution

The -Dhttps.protocols=TLSv1.2 will tell the JRE to use TLS 1.2 by default if the tactical still uses TLS 1.1 despite this setting it seems to set TLS 1.1 in the code ,

To prevent TLS 1.1 to be used you can also disable it in the java.security file .

Feedback

thumb_up Yes

thumb_down No