Hi everyone,
I'm using Apigee Edge for Public Cloud. When I define a new target server, I don't specify the TLS version. How can I know which version is used?
I tried to trace but can't see anything, as below:
Thanks.
@nqhiep wrote:
When I define a new target server, I don't specify the TLS version. How can I know which version is used?
I think if you want to specify the TLS settings, you need to use an SSLInfo block. Is that what you're asking?
A long, long time ago, in a galaxy far, far away, Apigee was created and the designers thought, "let's make SSL (now TLS) really easy and just choose some defaults for people." And so officially, it was not required for you to specify an SSLInfo block in your TargetEndpoint. This is nice for conducting tests, but it's a poor choice for enterprise-grade governance. So you should never do this in real-world systems. You should never omit the SSLInfo block.
BTW, the apigeelint tool, which I recommend without reservations, will flag this for you, under rule TD012. If it finds a TargetEndpoint in your proxy that does not use SSLInfo, apigeelint will scold you and say "TargetEndpoint HTTPTargetConnection should have exactly one SSLInfo".
Also, I advocated for the product team to change this behavior and insist that every TargetEndpoint use its own SSLInfo, or at least provide a way for the Org Admin to specify a flag that would require that each TargetEndpoint must use an SSLInfo. But we decided that would be too much of a hardship for people who are just testing things out. So you need to enforce that kind of thing on your own.
For Apigee Edge, you can find the relevant documentation for SSLInfo here. It will tell you how to specify acceptable protocols (TLS 1.1, TLS 1.2) and ciphers, etc.
For Apigee x/hybrid, look here.
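The reply above says the SSLInfo requirement has to be enforced on your own; a minimal pre-deployment check along those lines follows, as an added example that is not part of the thread and is not apigeelint's code. The sample TargetEndpoint XML and the backend.example.com URL are constructed, and the Enabled and Protocols checks are assumptions that go beyond the TD012 message quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample TargetEndpoint definitions (not taken from the thread).
NO_SSLINFO = """<TargetEndpoint name="no-sslinfo">
  <HTTPTargetConnection>
    <URL>https://backend.example.com/v1</URL>
  </HTTPTargetConnection>
</TargetEndpoint>"""

NO_PROTOCOLS = """<TargetEndpoint name="no-protocols">
  <HTTPTargetConnection>
    <SSLInfo><Enabled>true</Enabled></SSLInfo>
    <URL>https://backend.example.com/v1</URL>
  </HTTPTargetConnection>
</TargetEndpoint>"""

PINNED = """<TargetEndpoint name="pinned">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <Protocols><Protocol>TLSv1.2</Protocol></Protocols>
    </SSLInfo>
    <URL>https://backend.example.com/v1</URL>
  </HTTPTargetConnection>
</TargetEndpoint>"""

def check_target_endpoint(xml_text):
    """Return a list of findings for one TargetEndpoint XML document."""
    root = ET.fromstring(xml_text)
    name = root.get("name", "?")
    findings = []
    for conn in root.iter("HTTPTargetConnection"):
        blocks = conn.findall("SSLInfo")
        if len(blocks) != 1:  # same condition as the TD012 message
            findings.append(f"{name}: HTTPTargetConnection should have exactly one SSLInfo")
            continue
        ssl = blocks[0]
        # Extra checks (assumed policy): TLS must be on and protocols listed.
        if (ssl.findtext("Enabled") or "").strip().lower() != "true":
            findings.append(f"{name}: SSLInfo present but Enabled is not true")
        protocols = [p.text.strip() for p in ssl.findall("Protocols/Protocol") if p.text]
        if not protocols:
            findings.append(f"{name}: no Protocols listed, TLS version not pinned")
    return findings

if __name__ == "__main__":
    for doc in (NO_SSLINFO, NO_PROTOCOLS, PINNED):
        for finding in check_target_endpoint(doc) or ["ok"]:
            print(finding)
```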
Hi @nqhiep, thank you for engaging with our Apigee community! A big thank you to @dchiesa1 for providing a response.👍🏼
If you feel that Dino’s reply resolves your inquiry, please consider marking it as an accepted solution. Also, feel free to explore our articles and check out upcoming events—we’d love to see you participate more!
Hi @dchiesa1, thanks for your reply. I want to know what the default version is in case we don't specify it.