TLS Cipher suit as a provider.

anonymous · April 14, 2020, 12:34pm

Hi Team,

We are migrating one application in APIGEE, where we have Terget provider as a two way SSL.

We have to configure cipher in target default.xml. Do we need to declare the cipher suits with in SSLinfo block or we can declare it as outside SSLinfo block as well. Does it will work?

<Propertyname=“proxy_read_timeout”>50****<Propertyname=“keepalive_timeout”>300<Propertyname=“proxy_request_buffering”>off<Propertyname=“proxy_buffering”>off<Propertyname=“ssl_protocols”>TLSv1.2 TLSv1.1<Propertyname=“ssl_ciphers”>HIGH:!aNULL:!MD5:!DH+3DES:!kEDH

I have referred https://docs.apigee.com/api-platform/system-administration/creating-virtual-host
but it seems for crating -virtual host. I have to declare it for creation for Target.

Regards,

Rohit Karadi

cjking · April 21, 2020, 5:49am

I believe you’re going to need to put the ciphers and protocols parts inside an SSLInfo block. You can see some examples here: https://docs.apigee.com/api-platform/reference/api-proxy-configuration-reference#tlsssltargetendpointconfiguration

Topic		Replies	Views
If I want to remove support for TLS 1.0 and limit the cipher suites offered how do I do that with our current setup? Is posting a modified version of the vhost.xml file out there the right way to approach this? Apigee api-runtime	0	0	August 11, 2015
Which TLS cipher suites are supported in Apigee Edge? Apigee api-runtime	3	5	January 17, 2018
Question regarding SSL Apigee api-runtime	1	1	June 25, 2015

TLS Cipher suit as a provider.

AI Suggested topics