2 Replies Latest reply on Oct 11, 2017 10:05 AM by boidiet

    Enforce TLS 1.2 encryption

    boidiet
    boidiet Oct 11, 2017 9:27 AM

      Hello,

      is it possible to configure Infinispan for enforced TLS 1.2 communication between cache clients and server nodes?

        • 1. Re: Enforce TLS 1.2 encryption
          nadirx
          nadirx Oct 11, 2017 9:57 AM (in response to boidiet)

          Hey Dieter,

           

          for the Hot Rod client, set the protocol on the SSL configuration:

           

          ConfigurationBuilder builder = new ConfigurationBuilder()
builder.security().ssl().protocol("TLSv1.2");;

           

          If you are using a properties configuration file:

           

          infinispan.client.hotrod.ssl_protocol=TLSv1.2

           

          For the server, set this on the ssl engine element:

           

          <security-realms>
     <security-realm name="ApplicationRealm">
          <server-identities>
               <ssl>
                    <engine enabled-protocols="TLSv1.2"/>
                    <keystore .../>
               </ssl>
          </server-identities>
     </security-realm>
</security-realms>

           

          If you wish, you can also specify which ciphers you want to enable by adding an 'enabled-cipher-suites' attribute on the engine element.

            • Actions
          • 2. Re: Enforce TLS 1.2 encryption
            boidiet
            boidiet Oct 11, 2017 10:05 AM (in response to nadirx)

            Hello Tristan,

            this is great, thanks a lot :-)

              • Actions