search cancel

API Gateway: Determine the TLS Versions set on Route Via HTTPS Assertions in Published Policies

book

Article ID: 216655

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

This article will discuss how to determine what version of TLS is being used/supported on an outbound Route Via HTTPS assertion in published policies.

 

Customer statement: "Is there a way to query published policies in mysql for which TLS version is being used by route statements?"

Environment

This article applies to all supported versions of API Gateway.

Resolution

Unfortunately there isn't an easy way to determine this. The reason why is that if the Routing assertion is set to "Any" for TLS version (which is the default value), the policy XML line for the TLS version is not written at all. The TLS line is only presented when it's changed from Any to a specific TLS version. In such a case, the line will look like below:             

<L7p:TlsVersion stringValue="TLSv1.2"/>

So in other words, not every Routing assertion will have that line at all and the absence of that line means it's set to the default Any value for TLS version. It's nearly impossible to check for the absence of something when doing a search of the content. Checking this really is a manual process unfortunately.