I looked at the Apache HttpClient 3.1 documentation at http://hc.apache.org/httpclient-3.x/sslguide.html, and know that it comes out of box with HTTP over SSL. I'm trying to configure the client so that it uses TLS for servers that no longer support SSL but still maintain compatibility with ones that use SSL. Has anyone done this? Is it even possible?
If it helps, a solution to configure the client to use TLS is presented here: How to force Commons HTTPClient 3.1 to use TLS 1.2 only for HTTPS?
I am not able to upgrade to a more recent version of HttpClient at this time.
Related
Currently mule 3.9 with java 1.8 and enabled all TLS so now i need to disable v 1.0 , there will be any problem..
Or there will be any issue in existing mule API that are connected to other APIs using https as my mule APIs are calling other external APIs sometimes
TLS 1.0 is disabled by default in Mule 3.9 and Java 1.8. You only will have an issue if your applications try to connect to any HTTPS service that only accepts TLS 1.0. Those will reject your HTTPS requests.
If those services exposing only TLS 1.0 are APIs or are not APIs, that's irrelevant as we are talking about HTTPS as a communication transport and what they are doing doesn't change that. It may be plan HTTPS or a SOAP web service behind HTTPS.
Anypoint Platform has deprecated TLS 1.0 for some years so any platform APIs and the global load balancers will reject TLS 1.0.
I am trying to make my http4k REST API require SSL but I can't manage to figure out how to configure Jetty for SSL.
Because it supports multiple backends, http4k doesn't come with any inbuilt APIs to implement SSL. Instead, you implement your own custom version of the Jetty ServerConfig interface so configure the server as required. As a template you can use the one here:
https://github.com/http4k/http4k/blob/master/http4k-server-jetty/src/main/kotlin/org/http4k/server/jetty.kt
We are trying to enforce TLS 1.2 in our WCF Service.
We have our WCF Service hosted on IIS on our VM Boxes.
We are not sure how to disable TLS 1.0 and TLS 1.1 for our service.
We have tried the following approach:
Configuration change in our WCF Service (Server side) and (client side)** –
For the client side, we added the following code in our main method –
Remove insecure protocols (SSL3, TLS 1.0, TLS 1.1)
ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Ssl3;
ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Tls;
ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Tls11;
// Add TLS 1.2, 1.3
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls13;
We have verified that this works on the client side, i.e., the client uses only TLS 1.2 to send requests after this config.
But the same configuration on our Server side WCF service does not work.
We have written this config change inside global.asax file inside Application_Start method for our
server, but the WCF Service hosted on IIS Server still accepts TLS 1.0/1.1 requests.
We have tried another method where we did registry key changes on Windows Server to disable TLS 1.0, TLS 1.1 for the whole VM box.
The blocker for going with this method is that there are many other services on our VM,
which might get affected if we do a configuration change on the whole server.
Is there any working method wherein we change the configuration of our WCF Service to disable serving TLS 1.0/1.1 requests on the service level?
Any help would be appreciated. :-)
At first, we had better not specify the TLS version manually, just let the OS decide on the TLS version. Please check the official document of TLS best practices.
https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls
Provided that OS and project’s SDK support TLS1.2(it needs prerequisites, Dotnet4.6.1+,win7+),We could specify the TLS version used during the communication by the below code on the client-side.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient();
Besides, modifying the Windows registry can disable certain version protocols.
Please refer to the below link.
https://serverfault.com/questions/733994/how-to-disable-tls-1-0-in-windows-2012-rdp
https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
Feel free to let me know if there is anything I can help with.
The problem is as follows:
We have a SOAP API running behind TLS1.2 and SNI
Our main software is stuck on JDK6 where it is basically impossible to connect to a server using SNI
We need to use Axis 1.4 for SOAP calls
We have set up a simple Apache Proxy rerouting calls to http://proxyIP/foo to https://mainIP/
The proxy works like a charm when tested manually or in a browser.
However, using Axis to do the required SOAP calls fails with an Exception:
Unrecognized SSL message, plaintext connection?
What could cause this and how could we fix this?
Every idea is appreciated.
faced with next problem:
I have .net web application running under .NET Framework 4.5.2. Applicating communicates to SalesForce using:
SOAP API
REST API (https://github.com/developerforce/Force.com-Toolkit-for-NET/).
SalesForce announced disabling the TLS 1.0 encryption protocol on March 4, 2017. Do I need to do some adjustments in order to migrate to TLS 1.2?
The default System.Net.ServicePointManager.SecurityProtocol in .NET 4.5 is SecurityProtocolType.Tls|SecurityProtocolType.Ssl3, and .NET 4.5 supports up to TLS 1.2
Do I need to update System.Net.ServicePointManager.SecurityProtocol? If so, can it have an impact on communication with other api's?
I will be grateful for any help.
We had some issues in the log alerting us that we were logging on salesforce api using an old protocol not so long ago, after searching a bit i initialise the security protocol with
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
This will force all connection to use tls 1.2 within your program tho.
Sometime it seemed some call were trying to use tls1.0 with the default config... However to be sure you don't need to change just download your API log history and check if you have any connection attempt below tls1.2 and if its the case force the upgrade to tls1.2
You can also add the following registry keys to force TLS 1.2 in .NET 4.5+. They will only be overwritten if the System.Net.ServicePointManager.SecurityProtocol is specifically defined within the application.
Set/create the "SchUseStrongCrypto" DWORD value in the following two registry keys to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319 and
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319