Supported SSL/TLS versions
The following table shows which SSL/TLS versions are available and enabled by default for front-side connections for the corresponding gateway version.
Gateway version | Available TLS versions | TLS versions enabled by default |
---|---|---|
Airlock Gateway 8.0 and higher | TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0 | TLS 1.3, TLS 1.2 |
Note that when a hardware security module (HSM) is used with Airlock Gateway, fewer TLS protocols may be available than shown in the table above. SSLv3 is unsupported by Airlock Gateway 8.0 and higher (configuration activation fails).
We recommend using the default TLS settings of Airlock Gateway for an optimal balance between security and compatibility. If you use custom settings, you will not automatically benefit from optimizations in future Airlock Gateway updates.
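To confirm which protocol versions a virtual host actually accepts, whether with the defaults from the table or with a custom setting, the following Python check attempts one handshake per version and compares the outcome with the expected set. It is an added example, not part of the Airlock documentation; the function names and the host you pass in are assumptions.

```python
import socket
import ssl
import warnings

# Protocol versions and defaults taken from the table above (Airlock Gateway 8.0 and higher).
VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1, "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2, "TLS 1.3": ssl.TLSVersion.TLSv1_3}
DEFAULT_ENABLED = {"TLS 1.2", "TLS 1.3"}


def client_context(version):
    """Client context pinned to exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # only the protocol version is under test,
    ctx.verify_mode = ssl.CERT_NONE  # not the certificate chain
    with warnings.catch_warnings():  # Python warns when TLS 1.0/1.1 is selected
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ctx.maximum_version = version
    if version < ssl.TLSVersion.TLSv1_2:
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # OpenSSL 3 blocks TLS 1.0/1.1 otherwise
    return ctx


def probe(host, port=443, timeout=5.0):
    """One handshake per version: 'accepted', 'rejected' or 'untestable'."""
    results = {}
    for name, version in VERSIONS.items():
        try:
            ctx = client_context(version)
        except (ValueError, ssl.SSLError):
            results[name] = "untestable"  # local OpenSSL cannot offer this version
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host):  # SNI selects the virtual host
                    results[name] = "accepted"
        except (ssl.SSLError, ConnectionResetError):
            results[name] = "rejected"    # handshake refused
        except OSError:
            results[name] = "untestable"  # no TCP connection (closed port, timeout)
    return results


def deviations(results, expected=DEFAULT_ENABLED):
    """Findings where the probed state differs from the expected set."""
    want = {n: "accepted" if n in expected else "rejected" for n in results}
    return [f"{n}: expected {want[n]}, got {s}" for n, s in results.items() if s != want[n]]
```

A `rejected` result for TLS 1.0 or TLS 1.1 is only conclusive if the client's own OpenSSL build and system crypto policy still permit those versions.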
How to enable TLS 1.0/1.1
TLS 1.0 and TLS 1.1 are no longer recommended for production use (see RFC 8996 - Deprecating TLS 1.0 and TLS 1.1) but can still be activated as follows.
- Go to: Virtual host detail page, Tab – SSL
- Set SSL protocol to Custom mode with the following settings:
- Set Cipher suite to Custom mode and insert the ciphers required by the legacy application. See also Mozilla security recommendations for TLS ciphers for best practice information.
For example: