This is going to be a quick one.
We want to know if there is any way to change the TLS version for outbound connections at the gateway level, i.e., by changing cluster-wide properties or another way.
We know that we can enforce the TLS version that we want for outbound connections at the policy level in the HTTP routing assertion. We want to know if there is any setting we can add at the gateway level to enforce a particular TLS version (for outbound).
Release : 10.0
There is no cluster-wide property to control or set this for inbound requests; however, Gateway 10.1 and the latest versions disable the weak protocols TLS 1.0 and 1.1.
This is controlled by the JDK java.security file. Changes to this file require a restart and may cause unexpected issues with other Gateway functionality.
The effect is global, covering both inbound and outbound connections. Protocols can be disabled in this file: /opt/SecureSpan/JDK/conf/security/java.security
The latest versions (Gateway 10.1/11.0) disable the following:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
On a Gateway 10.0 appliance, the file is /opt/JDK/jre/lib/security/java.security
Look for the line:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, include jdk.disabled.namedCurves
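
The following audit script is an added example, not part of the original article or the Gateway product. It reads jdk.tls.disabledAlgorithms (the property shown above for 10.1/11.0) from a java.security file, joins the backslash-continued lines, and reports whether given protocol versions are disabled. The function names and the sample file are constructed for illustration.

```shell
# Print the value of property $1 from java.security file $2, joining
# backslash-continued lines. Assumes no value ends in an escaped backslash.
get_security_property() {
    awk -v key="$1" '
        { line = $0; sub(/\r$/, "", line) }
        !cont && (line ~ /^[ \t]*[#!]/ || line ~ /^[ \t]*$/) { next }  # comment or blank
        {
            sub(/^[ \t]+/, "", line)
            cont = (line ~ /\\$/)
            if (cont) { sub(/\\$/, "", line); buf = buf line; next }
            buf = buf line; eq = index(buf, "=")
            name = substr(buf, 1, eq - 1); sub(/[ \t]+$/, "", name)
            if (eq > 0 && name == key) { val = substr(buf, eq + 1); found = 1 }
            buf = ""
        }
        END { if (!found) exit 1; print val }' "$2"
}

# Succeed if $2 is an exact, trimmed entry of the comma-separated list $1,
# so "TLSv1" is not satisfied by "TLSv1.1".
is_listed() {
    printf '%s\n' "$1" | awk -F, -v want="$2" '
        { for (i = 1; i <= NF; i++) {
              e = $i; sub(/^[ \t]+/, "", e); sub(/[ \t]+$/, "", e)
              if (e == want) ok = 1 } }
        END { exit !ok }'
}

# Report each protocol $2.. for file $1. Returns 1 if any is not disabled,
# 2 if jdk.tls.disabledAlgorithms is not set in the file.
check_tls_disabled() {
    file=$1; shift
    value=$(get_security_property jdk.tls.disabledAlgorithms "$file") || return 2
    rc=0
    for proto in "$@"; do
        if is_listed "$value" "$proto"; then echo "disabled:     $proto"
        else echo "NOT disabled: $proto"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample: the 10.1/11.0 value quoted on this page.
write_sample() {
    printf '%s\n' '# constructed sample' \
        'jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \' \
        '    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \' \
        '    include jdk.disabled.namedCurves'
}
sample=$(mktemp); write_sample > "$sample"
check_tls_disabled "$sample" SSLv3 TLSv1 TLSv1.1; rm -f "$sample"
```

To audit an appliance, call check_tls_disabled with the java.security path given above for your Gateway version, before and after any edit and restart.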