Build Forge TLS 1.2 configuration

Ernesto Ramirez (1313) | asked Dec 13 '16, 5:41 p.m.

We have a new Build Forge environment and we have configured TLSv12 in Administration -> Security -> SSL

TLSv12 for all SSL Configurations

We also updated Master BFClient.conf

From Apache we verified ssl.conf includes:
To: SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2

And from Tomcat:
server.conf, protocol -> sslProtocol="TLS"

How could we ensure TLS1.2 is enabled instead of TLS1.0?


One answer

Donald Nong (14.4k213) | answered Dec 13 '16, 10:44 p.m.
I'm not familiar with Build Forge, so I will speak in general. For an SSL connection to be established, both the client and the server need to support the same protocol(s). So if you restrict the BF Server to support TLSv1.2 only, no clients can connect to it with TLSv1.0 or TLSv1.1. In this sense, I would expect you to set "SSLProtocol -ALL +TLSv1.2" for Apache and sslProtocol="TLSv1.2" for Tomcat. You cannot specify multiple protocols and hope that the strictest protocol is picked. In my experience, the opposite is true.

Note that the application has to be capable of handling TLSv1.2 connections, otherwise it will not work. That is, in the case where the application itself needs to create an SSL connection, it needs to be able to negotiate a TLSv1.2 one.
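
The following is an added example, not part of the original posts and not Build Forge or Apache code: a small audit that works out which protocols each Apache `SSLProtocol` line actually enables, run over the two directive forms quoted in this thread. The function names, the sample text, and the expansion of `all` (assumed here not to include SSLv3) are assumptions of this example.

```python
import re

# Assumption: "all" expands to these three; older mod_ssl/OpenSSL builds
# also include SSLv3 in the shortcut.
ALL = ("TLSv1", "TLSv1.1", "TLSv1.2")
KNOWN = {name.lower(): name for name in ("SSLv3",) + ALL}


def effective_protocols(args):
    """Protocols enabled by the arguments of one SSLProtocol directive.

    This example's model of the directive: tokens apply left to right,
    '+' adds, '-' removes, a bare token replaces everything set so far.
    """
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[len(action):].lower()
        if name == "all":
            group = set(ALL)
        elif name in KNOWN:
            group = {KNOWN[name]}
        else:
            raise ValueError(f"unknown protocol in SSLProtocol: {token!r}")
        if action == "+":
            enabled |= group
        elif action == "-":
            enabled -= group
        else:
            enabled = group
    return enabled


def audit_ssl_conf(text, required="TLSv1.2"):
    """Return (line_no, enabled, extra) for every SSLProtocol line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m:  # commented-out directives do not match and are skipped
            enabled = effective_protocols(m.group(1))
            findings.append((no, enabled, sorted(enabled - {required})))
    return findings


# Constructed sample: the two directive forms quoted in the thread.
SAMPLE = "SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2\nSSLProtocol -ALL +TLSv1.2\n"

if __name__ == "__main__":
    for no, enabled, extra in audit_ssl_conf(SAMPLE):
        verdict = "only TLSv1.2" if enabled == {"TLSv1.2"} else f"also enables {extra}"
        print(f"line {no}: {sorted(enabled)} -> {verdict}")
```

A configuration audit only shows what the server is told to offer; to confirm it on the wire, attempt a handshake pinned to each version, for example `openssl s_client -tls1 -connect <host>:<port>` and `openssl s_client -tls1_2 -connect <host>:<port>` (host and port are placeholders), and check that only the TLS 1.2 attempt succeeds.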
