2 Replies Latest reply on Oct 11, 2017 10:05 AM by Dieter Müller-Wipperfürth

    Enforce TLS 1.2 encryption

    Dieter Müller-Wipperfürth Newbie

      Hello,

      is it possible to configure Infinispan for enforced TLS 1.2 communication between cache clients and server nodes?

        • 1. Re: Enforce TLS 1.2 encryption
          Tristan Tarrant Master

          Hey Dieter,

           

          for the Hot Rod client, set the protocol on the SSL configuration:

           

          ConfigurationBuilder builder = new ConfigurationBuilder()
          builder.security().ssl().protocol("TLSv1.2");;
          

           

          If you are using a properties configuration file:

           

          infinispan.client.hotrod.ssl_protocol=TLSv1.2
          

           

          For the server, set this on the ssl engine element:

           

          <security-realms>
               <security-realm name="ApplicationRealm">
                    <server-identities>
                         <ssl>
                              <engine enabled-protocols="TLSv1.2"/>
                              <keystore .../>
                         </ssl>
                    </server-identities>
               </security-realm>
          </security-realms>
          

           

          If you wish, you can also specify which ciphers you want to enable by adding an 'enabled-cipher-suites' attribute on the engine element.

          • 2. Re: Enforce TLS 1.2 encryption
            Dieter Müller-Wipperfürth Newbie

            Hello Tristan,

            this is great, thanks a lot :-)