How may I enforce the use of certain versions of security protocols (SSL, TLS etc.)?

Owned by Agat Support
Last updated: Oct 20, 2022 by Avi J. Levin (Unlicensed)
1 min read

Typically, AGAT recommends using our default values for TLS, which are generally considered secure. However, if you prefer to set a higher minimum version, the way to do that is to edit the following section in the Bastion XML:

<allowedCiphers>AES128+EECDH:AES128+EDH:AES:ECDHE:RSA:!aNULL:!eNULL:!EXPORT:!MD5!RC4!DES!sslv3</allowedCiphers>
<minAllowedVersion>tlsv1.0</minAllowedVersion>

Simply change the value in “minAllowedVersion”

For example, insert “tlsv1.2” if you want to set the value to enforce TLS on version 1.2.

Make sure to check the compatibility of the end-user devices when changing the cipher suite or minimum TLS version since such change can break compatibility with your end-user devices.