Build Forge TLS 1.2 configuration
Hi
We have a new Build Forge environment and we have configured TLSv12 in Administration -> Security -> SSL
TLSv12 for all SSL Configurations
We also updated Master BFClient.conf
From Apache we verified ssl.conf includes:
To:
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
And from Tomcat:
server.conf , protocol ->
sslProtocol="TLS"
How could we ensure TLS 1.2 is enabled instead of TLS 1.0?
Regards.
One answer
I'm not familiar with Build Forge, so I will speak in general. For an SSL connection to be established, both the client and the server need to support the same protocol(s). So if you restrict the BF Server to support TLSv1.2 only, no clients can connect to it with TLSv1.0 or TLSv1.1. In this sense, I would expect you to set "SSLProtocol -ALL +TLSv1.2" for Apache and sslProtocol="TLSv1.2" for Tomcat. You cannot specify multiple protocols and hope that the strictest protocol is picked. In my experience, the opposite is true.
Note that the application has to be capable of handling TLSv1.2 connections, otherwise it will not work. That is, in case the application itself needs to create an SSL connection, it needs to be able to negotiate a TLSv1.2 one.
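
A check for the Apache side of the question, as an added example that is not part of the original thread: it evaluates every `SSLProtocol` directive in an ssl.conf and lists any enabled protocol older than TLSv1.2. The sample text is constructed, and the expansion of `all` is an assumption, since the real one depends on the httpd and OpenSSL build.

```python
import re

# Protocol names mod_ssl accepts, oldest first. Assumption: "all" expands to
# every name below; the real expansion depends on the httpd/OpenSSL build.
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
CANON = {p.lower(): p for p in KNOWN}
MINIMUM = "TLSv1.2"

def enabled_protocols(args):
    """Simplified model of SSLProtocol: apply +/- tokens left to right."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name != "all" and name not in CANON:
            raise ValueError(f"unknown protocol {token!r}")
        group = set(KNOWN) if name == "all" else {CANON[name]}
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:
            enabled = set(group)  # a bare name replaces what came before
    return [p for p in KNOWN if p in enabled]

def audit(conf_text, minimum=MINIMUM):
    """Return (line_no, enabled, too_old) for each SSLProtocol directive."""
    floor = KNOWN.index(minimum)
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+)", line, re.IGNORECASE)
        if not m:  # skips comments, blank lines and other directives
            continue
        enabled = enabled_protocols(m.group(1))
        too_old = [p for p in enabled if KNOWN.index(p) < floor]
        findings.append((no, enabled, too_old))
    return findings

# Constructed sample: the directive from the question, then a stricter one.
SAMPLE = """\
# ssl.conf (constructed)
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLProtocol -ALL +TLSv1.2
"""

if __name__ == "__main__":
    for no, enabled, too_old in audit(SAMPLE):
        print(f"line {no}: enabled={enabled} below {MINIMUM}: {too_old or 'none'}")
```

This reports what the configuration asks for; what the running server actually negotiates still has to be confirmed against the live port.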