KB Article #178132
How to disable insecure protocols like SSLv2 or SSLv3 for outgoing SSL/TLS connections
Problem
Previously, you could not configure SSL/TLS protocols for outbound connections in the Connect To URL filter in API Gateway.
Resolution
As of 7.5.1 SP1, you can configure default SSL/TLS protocols for outbound connections via the Connect To URL filter using the system/conf/ssloptions.xml settings file.
<ConfigurationFragment>
<SystemSettings>
<!-- SSL options for outgoing connections -->
...
<!-- Do not use the SSLv2 protocol -->
<!-- <attribute key="ssloptions">nosslv2</attribute> -->
<!-- Do not use the SSLv3 protocol -->
<!-- <attribute key="ssloptions">nosslv3</attribute> -->
<!-- Do not use the TLSv1.0 protocol -->
<!-- <attribute key="ssloptions">notlsv1</attribute> -->
<!-- Do not use the TLSv1.1 protocol -->
<!-- <attribute key="ssloptions">notlsv1_1</attribute> -->
</SystemSettings>
</ConfigurationFragment>
The following is a list of all the SSL options that can be set in the configuration:
| SSL Option | Effect | OpenSSL flag set |
| nosslv2 | Disables SSLv2 | SSL_OP_NO_SSLv2 |
| nosslv3 | Disables SSLv3 | SSL_OP_NO_SSLv3 |
| notlsv1 | Disables TLSv1.0 | SSL_OP_NO_TLSv1 |
| notlsv1_1 | Disables TLSv1.1 | SSL_OP_NO_TLSv1_1 |
| notlsv1_2 | Disables TLSv1.2 | SSL_OP_NO_TLSv1_2 |