The TLS version used by the Spotfire Server and Node Manager.
Article ID: KB0137795
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | All Versions |
Description
Due to design flaws in TLS 1.0 and TLS 1.1, customers' security teams may request that these protocols be disabled. Will this affect the Spotfire environment if TLS 1.0 and 1.1 are disabled? Which TLS versions are used by the Spotfire Server and Node Manager?
Environment
Windows
Resolution
The Spotfire Server is Java-based and is not affected by any Windows registry settings. By default, it supports TLS 1.2 and TLS 1.3, and it cannot be disabled.
Currently, .NET (including the Web Player and Automation Services) does not support TLS 1.3, so TLS 1.2 must remain enabled.
TLS 1.0 and 1.1 should not be necessary for Spotfire, as they are both disabled on the Spotfire Server, whether it is functioning as a server or a client. Therefore, communication using these protocols should not be possible, regardless of the settings on the Network Management (NM) machine.
Please note that TLS 1.2 and TLS 1.3 use different cipher suites. The default enabled cipher suites in both Java and Windows may not cover all use cases, so caution should be exercised when disabling any of them to avoid compatibility or security issues.
Issue/Introduction
Which TLS versions are used by the Spotfire Server and Node Manager?
Additional Information
Doc: Environment Overview
Doc: Standards and Algorithms
KBA: Follow the below KBA if you want to use a specific cipher suite.
