KB Article #178132

How to disable insecure protocols like SSLv2 or SSLv3 for outgoing SSL/TLS connections

Problem

Previously, you could not configure SSL/TLS protocols for outbound connections in the Connect To URL filter in API Gateway.

Resolution

As of 7.5.1 SP1, you can configure default SSL/TLS protocols for outbound connections via the Connect To URL filter using the system/conf/ssloptions.xml settings file.


<ConfigurationFragment> 
    <SystemSettings> 
        <!-- SSL options for outgoing connections --> 
... 
        <!-- Do not use the SSLv2 protocol --> 
        <!-- <attribute key="ssloptions">nosslv2</attribute> --> 

        <!-- Do not use the SSLv3 protocol --> 
        <!-- <attribute key="ssloptions">nosslv3</attribute> --> 

        <!-- Do not use the TLSv1.0 protocol --> 
        <!-- <attribute key="ssloptions">notlsv1</attribute> -->

        <!-- Do not use the TLSv1.1 protocol --> 
        <!-- <attribute key="ssloptions">notlsv1_1</attribute> -->
    </SystemSettings> 
</ConfigurationFragment> 


The following is a list of all the SSL options that can be set in the configuration:


SSL Option    Effect              OpenSSL flag set
nosslv2       Disables SSLv2      SSL_OP_NO_SSLv2
nosslv3       Disables SSLv3      SSL_OP_NO_SSLv3
notlsv1       Disables TLSv1.0    SSL_OP_NO_TLSv1
notlsv1_1     Disables TLSv1.1    SSL_OP_NO_TLSv1_1
notlsv1_2     Disables TLSv1.2    SSL_OP_NO_TLSv1_2
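
The options in the fragment above are inside XML comments, so they take no effect until they are uncommented. The following audit script is an added example, not part of the original article or the product: it parses an ssloptions.xml text, ignores commented-out attributes, and reports which protocols are disabled and which required ones are still enabled. The function name, the sample file and the policy that SSLv2 and SSLv3 must be disabled are assumptions of this example, as is the one-option-per-attribute layout taken from the fragment above.

```python
import xml.etree.ElementTree as ET

# Option -> (protocol disabled, OpenSSL flag), copied from the article's table.
SSL_OPTIONS = {
    "nosslv2": ("SSLv2", "SSL_OP_NO_SSLv2"),
    "nosslv3": ("SSLv3", "SSL_OP_NO_SSLv3"),
    "notlsv1": ("TLSv1.0", "SSL_OP_NO_TLSv1"),
    "notlsv1_1": ("TLSv1.1", "SSL_OP_NO_TLSv1_1"),
    "notlsv1_2": ("TLSv1.2", "SSL_OP_NO_TLSv1_2"),
}

# Constructed sample: nosslv2 is active, nosslv3 is still commented out,
# and one value is misspelled ("notlsv1.1" instead of "notlsv1_1").
SAMPLE = """<ConfigurationFragment>
    <SystemSettings>
        <attribute key="ssloptions">nosslv2</attribute>
        <!-- <attribute key="ssloptions">nosslv3</attribute> -->
        <attribute key="ssloptions">notlsv1.1</attribute>
    </SystemSettings>
</ConfigurationFragment>"""


def audit_ssloptions(xml_text, must_disable=("SSLv2", "SSLv3")):
    """Return (disabled, still_enabled, unknown) for an ssloptions.xml text.

    disabled maps each disabled protocol to the OpenSSL flag that is set.
    must_disable is this example's audit policy (an assumption).
    """
    root = ET.fromstring(xml_text)  # the parser drops XML comments
    disabled, unknown = {}, []
    for attr in root.iter("attribute"):
        if attr.get("key") != "ssloptions":
            continue
        value = (attr.text or "").strip()
        if value in SSL_OPTIONS:
            protocol, flag = SSL_OPTIONS[value]
            disabled[protocol] = flag
        else:
            unknown.append(value)  # typo, or an option not in the table
    still_enabled = [p for p in must_disable if p not in disabled]
    return disabled, still_enabled, unknown


if __name__ == "__main__":
    disabled, still_enabled, unknown = audit_ssloptions(SAMPLE)
    print("disabled:", disabled)
    print("required but not disabled:", still_enabled)
    print("unrecognized values:", unknown)
```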