It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×6,115
×1,192

question asked: Dec 13 '16, 5:41 p.m.
question was seen: 2,822 times
last updated: Dec 13 '16, 10:44 p.m.

Related questions

Build Forge TLS 1.2 configuration

0
Ernesto Ramirez (131018) | asked Dec 13 '16, 5:41 p.m.
 Hi

We have a new Build Forge environment and we have configured TLSv12 in  Administration->Security-> SSL

TLSv12 for all SSL Configurations

We also updated Master BFClient.conf

From Apache we verified ssl.conf includes:
To:  SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2

And from Tomcat:
server.conf  , protocol ->  sslProtocol="TLS"

How could we ensure TLS1.2 is enabled instead of TL1.0?

Regards.

One answer

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Donald Nong (14.5k614) | answered Dec 13 '16, 10:44 p.m.
I'm not familiar with Build Forge so would say it in general. For an SSL connection to be established, both the client and the server need to support the same protocol(s). So if you restrict the BF Server to support TLSv1.2 only, no clients can connect to it with TLSv1.0 or TLSv1.1. In this sense, I would expect you set "SSLProtocol -ALL +TLSv1.2" for Apache and sslProtocol="TLSv1.2" for Tomcat. You cannot specify multiple protocols and hope that the strictest protocol is picked. It's in my experience that the opposite is true.

Note that the application has to be capable of handling TLSv1.2 connections, otherwise it will not work. That is, in the case the application itself needs to create an SSL connection, it needs to be able to negotiate a TLSv1.2 one.

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.