Rocket Uniface User Forum


Blog: SOAP driver settings introduced for TLS in 10.4.02-017

By Kathy Larson posted 03-07-2023 11:09

  

Created by Jasper de Keijzer

Introduction

To improve security, we added new driver settings for the SOAP driver. In this blog you can read more about what these settings do and how you can use them to improve the security of your environments. As a system administrator, you can use the min_tls_version and cipher_list settings to set the minimum required protocol and cipher for the network connection. This means that the server cannot downgrade to a non-secure TLS version or cipher during a connection negotiation.

Settings

The new settings are:

min_tls_version = 1.1 | 1.2 (default) | 1.3

When not set, the system will default to version 1.2.

cipher_list = <ciphers>

<ciphers> = the list of ciphers to use for the connection to the HTTPS proxy. The list consists of one or more cipher strings separated by colons. Comma separators are allowed, but colons are normally used. The cipher_list also supports options such as DEFAULT, ALL, LOW, MEDIUM and HIGH. See the Uniface documentation for details.

In the ASN file

You can add the new settings in the drivers section of your ASN file:

[DRIVER_SETTINGS]
SOP U2.0
USYS$SOP_PARAMS cto = 20000 min_tls_version=1.2 cipher_list=AES128-GCM-SHA256

In ProcScript

If you're using 4GL, you can override the driver settings by using $signatureproperties:

$signatureproperties("cipher_list=ECDHE-ECDSA-CHACHA20-POLY1305;min_tls_version=1.2")

The ProcScript overrides the ASN settings at runtime.
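
An added example, not Uniface or Rocket code: a small Python check that reads the two setting forms shown above, applies the ProcScript-over-ASN precedence, and flags a minimum version or cipher_list entry that admits weak protocols or ciphers. It assumes the cipher names follow OpenSSL-style naming; the function names and the weak override string are constructed for illustration.

```python
import re

# Assumption: parameters are name=value pairs separated by whitespace or semicolons,
# as in the page's ASN and ProcScript snippets.
PAIR = re.compile(r"(\w+)\s*=\s*([^\s;=]+)")
WEAK_KEYWORDS = {"ALL", "LOW", "MEDIUM"}             # broad classes that admit weak ciphers
WEAK_MARKERS = ("NULL", "RC4", "DES", "EXP", "MD5")  # weak primitives in OpenSSL-style names


def parse_params(text):
    """Return {name: value} from an ASN parameter line or a ProcScript property string."""
    return {name.lower(): value for name, value in PAIR.findall(text)}


def effective(asn_line, procscript_props=""):
    """Merge settings; ProcScript properties override the ASN values at runtime."""
    merged = parse_params(asn_line)
    merged.update(parse_params(procscript_props))
    merged.setdefault("min_tls_version", "1.2")  # documented default when not set
    return merged


def audit(settings):
    """Return a list of findings for the effective TLS settings."""
    findings = []
    version = settings["min_tls_version"]
    if version not in ("1.1", "1.2", "1.3"):
        findings.append(f"min_tls_version={version} is not a documented value")
    elif version == "1.1":
        findings.append("min_tls_version=1.1 permits TLS 1.1 (deprecated by RFC 8996)")
    ciphers = settings.get("cipher_list")
    if ciphers is None:
        findings.append("cipher_list not set: the driver's default ciphers apply")
        return findings
    for token in re.split(r"[:,]", ciphers):
        if not token or token[0] in "!-":  # exclusions remove ciphers, nothing to flag
            continue
        name = token.lstrip("+").upper()
        if name in WEAK_KEYWORDS or any(marker in name for marker in WEAK_MARKERS):
            findings.append(f"cipher_list entry {token} admits weak ciphers")
    return findings


# The ASN line is the page's example; the override string is constructed for illustration.
ASN_LINE = "USYS$SOP_PARAMS cto = 20000 min_tls_version=1.2 cipher_list=AES128-GCM-SHA256"
WEAK_OVERRIDE = "cipher_list=ALL:!aNULL;min_tls_version=1.1"

if __name__ == "__main__":
    for props in ("", WEAK_OVERRIDE):
        for finding in audit(effective(ASN_LINE, props)) or ["no findings"]:
            print(f"{props or 'ASN only'}: {finding}")
```

Because the ProcScript value wins at runtime, a review of the ASN file alone can miss a weaker override set in code; run the check against the merged result.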

Summary

If you have any comments or questions, feel free to start a discussion in the Uniface forums.

Here are some useful links to documentation on the mentioned options:

cipher_list

min_tls_version

