TLS Version Issue


Article ID: 262295




CA API Gateway


This is going to be a quick one.

We want to know if there is any way to change the TLS version for outbound connections at the gateway level, i.e. by changing cluster-wide properties or another way.

We know that we can enforce the TLS version that we want for outbound connections at the policy level in the HTTP routing assertion. We want to know if there is any setting we can add at the gateway level to enforce a particular TLS version (for outbound).



Release : 10.0


There is no cluster-wide property to control or set this for inbound requests. However, Gateway 10.1 and the latest versions disable the weak protocols TLS 1.0 and 1.1.

This is controlled by the JDK. Changes to this file require a restart and may cause unexpected issues with other Gateway functionality.

The effect is global, covering both inbound and outbound connections. Protocols can be disabled in this file: /opt/SecureSpan/JDK/conf/security/

The latest versions (Gateway 10.1/11.0) disable the following:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves

Look for the line.

Gateway 10.0 appliance: /opt/JDK/jre/lib/security/


jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves
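
To confirm what a given file actually disables, the following added example (not vendor code; the function names are hypothetical and the sample file is constructed from the two property lines quoted above) joins the backslash-continued lines and lists which of SSLv3, TLSv1 and TLSv1.1 each property leaves enabled. Protocol names appear only under jdk.tls.disabledAlgorithms; in the JDK, jdk.jar.disabledAlgorithms applies to signed JAR verification.

```shell
#!/bin/sh
# Added example, not vendor code: list weak protocols a security file leaves on.

# Print the effective value of property $1 in file $2. Backslash-continued
# lines are joined and the last definition wins, as java.util.Properties does.
get_security_property() {
    awk -v key="$1" '
        !cont && /^[ \t]*[#!]/ { next }             # comment line
        {
            line = $0
            sub(/^[ \t]+/, "", line)                 # leading blanks are not data
            buf = cont ? (buf line) : line
            cont = sub(/\\$/, "", buf)               # a trailing "\" continues
            if (cont) next
            if (index(buf, key) != 1) next
            rest = substr(buf, length(key) + 1); sub(/^[ \t]+/, "", rest)
            if (rest ~ /^[=:]/) { value = substr(rest, 2); sub(/^[ \t]+/, "", value) }
        }
        END { print value }
    ' "$2"
}

# Print the protocols from $2.. that are absent from the comma-separated
# disabled list $1 (exact entry match, so TLSv1.1 does not cover TLSv1).
missing_protocols() {
    entries=",$(printf '%s' "$1" | tr -d ' \t'),"
    shift; missing=""
    for proto in "$@"; do
        case $entries in
            *",$proto,"*) ;;
            *) missing="$missing $proto" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample that reuses the two property lines quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves
EOF
for prop in jdk.tls.disabledAlgorithms jdk.jar.disabledAlgorithms; do
    value=$(get_security_property "$prop" "$sample")
    echo "$prop leaves enabled: $(missing_protocols "$value" SSLv3 TLSv1 TLSv1.1)"
done
```

To check a gateway, pass the path of its security properties file in place of the constructed sample.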