API Portal Legacy: SSL protocols and cipher suites
Article ID: 98923
Products
CA API Developer Portal
Issue/Introduction
The customer is planning to update the API Portal from version 3.5 to version 4.2. First, they need to know whether the security vulnerabilities associated with TLS 1.0 and various cipher suites are present in version 4.2. They also need to know whether these vulnerabilities are covered by:
1. The out-of-the-box installation and configuration of the new version of the API Portal (4.2)
2. Requirements on the base architecture on which the new version of the API Portal will be installed
Environment
Portal 3.5/4.2
Resolution
For the Portal 3.5 Appliance, SSLv2 is disabled by default in /etc/httpd/conf.d/ssl.conf via "SSLProtocol all -SSLv2". With the latest Appliance platform patch, the SSLProtocol line can be set to "SSLProtocol TLSv1.2", which enables only TLS 1.2. You can also customize the SSLCipherSuite directive.
For Portal 4.2, only TLSv1.2 is enabled.
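The two SSLProtocol settings above can be compared with a small audit script. This is an added example, not CA's code: the function names are hypothetical, the expansion of `all` depends on the httpd/OpenSSL build and is assumed here, and the left-to-right +/- evaluation is modelled on mod_ssl's behaviour.

```python
import re

# Assumption: what "all" expands to depends on the httpd/OpenSSL build; this
# tuple models an older build where SSLv2 is still compiled in.
ALL_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
ALLOWED = {"TLSv1.2"}  # the only protocol the patched setting enables
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def enabled_protocols(value, all_protocols=ALL_PROTOCOLS):
    """Evaluate one SSLProtocol value left to right; return the enabled set."""
    known = {p.lower(): p for p in all_protocols}
    enabled = set()
    for token in value.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[len(action):].lower()
        if name == "all":
            selected = set(all_protocols)
        elif name in known:
            selected = {known[name]}
        else:
            raise ValueError(f"unknown protocol token: {token!r}")
        if action == "-":
            enabled -= selected
        elif action == "+":
            enabled |= selected
        else:
            enabled = set(selected)  # assumption: a bare token replaces the set
    return enabled

def audit(config_text):
    """Return (line_no, value, protocols enabled beyond ALLOWED) per directive."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # commented-out lines do not match
        if match:
            extra = enabled_protocols(match.group(1)) - ALLOWED
            findings.append((line_no, match.group(1), sorted(extra)))
    return findings

# Constructed sample lines, not a real ssl.conf from the appliance.
SAMPLE = """\
# SSLProtocol all
SSLProtocol all -SSLv2
SSLProtocol TLSv1.2
"""

if __name__ == "__main__":
    for line_no, value, extra in audit(SAMPLE):
        print(f"line {line_no}: SSLProtocol {value} -> extra protocols: {extra or 'none'}")
```

Under these assumptions the 3.5 default is reported as still enabling SSLv3, TLSv1 and TLSv1.1, while the patched setting reports no protocols beyond TLSv1.2.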
Additional Information
TLSv1.2 is not enforced in Portal 4.2.0 GA. The Portal has to be upgraded to 4.2.0.2 or later.