Created by Jasper de Keijzer
Introduction
To improve security, we added new driver settings for the SOAP driver. In this blog you can read more about what these settings do and how you can improve the security of your environments. As a system administrator you can use the min_tls_version and the cipher_suite settings to set the minimum required protocol and cipher for the network connection. This means that the server cannot downgrade to a non-secure TLS version or cipher during a connection negotiation.
Settings
The new settings are:
min_tls_version = 1.1 | 1.2 (default) | 1.3
When not set, the system will default to version 1.2.
<ciphers> = the list of ciphers to use for the connection to the HTTPS proxy. The list consists of one or more cipher strings separated by colons. Comma separators are allowed, but colons are normally used. The cipher_list also supports options such as DEFAULT, ALL, LOW, MEDIUM and HIGH. See the Uniface documentation for details.
In the ASN file
You can add the new settings in the drivers section of your ASN file:
[DRIVER_SETTINGS]
SOP U2.0
USYS$SOP_PARAMS cto = 20000 min_tls_version= 1.2 cipher_list=AES128-GCM-SHA256
In ProcScript
If you're using 4GL, you can override the driver setting by using $signatureproperties:
$signatureproperties( "cipher_list=ECDHE-ECDSA-CHACHA20-POLY1305;min_tls_version=1.2"
The ProcScript overrides the ASN settings at runtime.
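A check for the ASN settings described above, as an added example that is not part of the original post or of Uniface: it reads the USYS$SOP_PARAMS line from an ASN file and reports a missing or low min_tls_version and broad keywords in cipher_list. The function names, the keyword policy and the sample ASN text are assumptions made for this illustration.

```python
import re

# Assumed policy (not from the Uniface docs): keywords admitting weaker ciphers.
WEAK_KEYWORDS = {"ALL", "LOW", "MEDIUM"}
PAIR = re.compile(r"([A-Za-z_]\w*)\s*=\s*([^\s;]+)")


def sop_params(asn_text):
    """Return key/value pairs from USYS$SOP_PARAMS in [DRIVER_SETTINGS]."""
    section, params = None, {}
    for raw in asn_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].upper()
        elif section == "DRIVER_SETTINGS" and line.upper().startswith("USYS$SOP_PARAMS"):
            rest = line[len("USYS$SOP_PARAMS"):]
            params.update((k.lower(), v.rstrip(",")) for k, v in PAIR.findall(rest))
    return params


def audit(asn_text):
    """Return findings for the SOAP driver TLS settings in an ASN file."""
    p, findings = sop_params(asn_text), []
    version = p.get("min_tls_version")
    if version is None:
        findings.append("min_tls_version not set; the default 1.2 applies")
    elif version == "1.1":
        findings.append("min_tls_version=1.1 allows TLS 1.1")
    elif version not in ("1.2", "1.3"):
        findings.append(f"min_tls_version={version} is not a documented value")
    ciphers = p.get("cipher_list")
    if ciphers is None:
        findings.append("cipher_list not set; the driver's default selection applies")
    # The page allows colon or comma separators in the cipher list.
    for item in re.split(r"[:,]", ciphers or ""):
        if item.upper() in WEAK_KEYWORDS:
            findings.append(f"cipher_list keyword {item} admits weaker ciphers")
    return findings


# Constructed sample ASN fragments, modelled on the snippet above.
GOOD = """[DRIVER_SETTINGS]
USYS$SOP_PARAMS cto = 20000 min_tls_version= 1.2 cipher_list=AES128-GCM-SHA256
"""
WEAK = """[DRIVER_SETTINGS]
USYS$SOP_PARAMS cto = 20000 min_tls_version=1.1 cipher_list=HIGH:MEDIUM
"""
if __name__ == "__main__":
    print(audit(GOOD), audit(WEAK), sep="\n")
```

The check only sees the ASN file; values set at runtime through $signatureproperties are not covered by it.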
Summary
If you have any comments or questions, feel free to start a discussion in the Uniface forums.
Here are some useful links to documentation on the mentioned options:
cipher_list
min_tls_version