The TLS protocols field enables you to specify the list of protocols to be used and the order of preference in which they are to be used. The TLS protocols field has the following default state:
Protocol | Default state |
---|---|
SSL2 | Disabled (permanently) |
SSL3 | Disabled |
TLS1 | Enabled |
TLS1.1 | Enabled |
TLS1.2 | Enabled |
You can use the following protocol options when configuring the TLS protocols field:
Option | Note |
---|---|
ALL | All the protocols listed here. |
SSL2 | Supported to match syntax in Apache. SSL2 is always disabled. |
SSL3 | |
TLS1 | TLS 1.0 |
TLS1.1 | |
TLS1.2 | |
TLS1.3 | Provided for future compatibility.1 |
TLS1.4 | Provided for future compatibility.1 |
Each option must be preceded by an operator with the exception of the special option ALL. The following is a list of valid operators:
This is the same syntax used in Apache configurations. You can copy configurations from Apache installations to use in Visual COBOL with little need for modifications.
There are several different ways to insert protocol definitions into each connection definition making these options additive.
To remove SSL3 from the default list while keeping the remaining default options you can add -SSL3 to the SSL protocol list.
To ensure that all default options are removed from the TLS protocols list you must specify -ALL at the start of each string. You can then specify a new string of options by adding them after the -ALL option.
TLS protocols | Description |
---|---|
ALL | Use the whole collection supported by the underlying security module. |
-ALL | Clear all protocols. This option precedes any new definitive list, for example, see the following two rows. |
-ALL+TLS1.1+TLS1.2 | Only use TLS1.1 and TLS1.2. |
-ALL-TLS1.1+TLS1.1+TLS1.2 | Only use TLS1.1 and TLS1.2. |
-ALL+TLS1.1 +TLS1.2-TLS1.2 | Only use TLS1.1. |
!ALL | This is syntactically correct but logically it is undesirable as it permanently removes all protocols. Its use results in an error state that prevents a client or server from starting. |