API Portal Legacy: SSL protocols and cipher suites

Article ID: 98923

Products

CA API Developer Portal

Issue/Introduction



The customer is planning to upgrade the API Portal from version 3.5 to version 4.2.
First, they need to know whether the security vulnerabilities associated with TLS 1.0 and various cipher suites are present in version 4.2. They also need to know whether these vulnerabilities are covered by:
1. The out-of-the-box installation and configuration of the new version of the API Portal (4.2)
2. Requirements on the base architecture on which the new version of the API Portal will be installed.

Environment

Portal 3.5/4.2

Resolution

For the Portal 3.5 Appliance, SSLv2 is disabled by default in /etc/httpd/conf.d/ssl.conf via "SSLProtocol all -SSLv2".
With the latest Appliance platform patch, the SSLProtocol line can be set to "SSLProtocol TLSv1.2", which enables only TLS 1.2.
You can also customize the SSLCipherSuite directive.

For Portal 4.2, only TLSv1.2 is enabled.
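
To check which protocols an SSLProtocol line in ssl.conf actually leaves enabled, the following added example (not CA/Broadcom code) evaluates the directive's arguments left to right and flags anything other than TLS 1.2. The expansion of "all" in ALL_PROTOCOLS is an assumption that depends on the httpd/OpenSSL build, and the sample configuration text is constructed.

```python
import re

# Assumption: what "all" expands to depends on the httpd/OpenSSL build;
# adjust this tuple for the appliance being audited.
ALL_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
ALLOWED = {"TLSv1.2"}  # policy from the article: TLS 1.2 only

# Constructed sample, not the appliance's real file.
SAMPLE_BEFORE = """\
# constructed ssl.conf excerpt
<VirtualHost _default_:443>
SSLEngine on
SSLProtocol all -SSLv2
</VirtualHost>
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("all -SSLv2", "TLSv1.2")

def effective_protocols(args, known=ALL_PROTOCOLS):
    """Evaluate SSLProtocol arguments left to right."""
    enabled = set()
    for tok in args:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        if name.lower() == "all":
            selected = set(known)
        else:
            selected = {p for p in known if p.lower() == name.lower()}
            if not selected:
                raise ValueError(f"unknown protocol {name!r}")
        if sign == "-":
            enabled -= selected
        elif sign == "+":
            enabled |= selected
        else:
            enabled = selected  # a bare token replaces what came before
    return enabled

def audit(conf_text, allowed=ALLOWED):
    """Return (line_no, enabled, disallowed) per active SSLProtocol line."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+)", line, re.IGNORECASE)
        if m:  # commented-out lines start with '#' and do not match
            enabled = effective_protocols(m.group(1).split())
            findings.append((no, sorted(enabled), sorted(enabled - allowed)))
    return findings

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(text))
```

With the assumed expansion, "all -SSLv2" still leaves SSLv3, TLSv1 and TLSv1.1 enabled, which is why the line has to be changed to "SSLProtocol TLSv1.2".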


 

Additional Information

TLS v1.2 is not enforced in Portal 4.2.0 GA; the Portal has to be upgraded to 4.2.0.2 or later.