Products | Versions |
---|---|
TIBCO Enterprise Message Service | 8.3, 8.4 |
EMS supports TLS v1.0, v1.1 and v1.2. Customer would like to know if they can enable TLS 1.2 only.
If you specify the TLSv1.2 cipher suites listed in EMS User's Guide in the EMS server configuration, the server will only allow SSL connections using the TLSv1.2 protocol. We have verified this with the EMS Java client. For EMS 8.3.0 and 8.4.0, you could set the following property in the server configuration: ssl_server_ciphers = -ALL:AES128-SHA256:AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA256 :DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SH A384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM- SHA256:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES25 6-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-R SA-AES256-GCM-SHA384 BTW, the following ER has been logged: EMS-7124 [Make the versions of TLS used configurable] for a future release.