How to enforce the use of TLS 1.2 and how to use an AES-GCM cipher suite?

0
After a penetration test, the following vulnerability was found in our Mendix 7.3.0 application: Vulnerabilities in SSL RC4 Cipher Suites, see: https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf JDK 8 uses TLS 1.2 by default, so should I use JDK 8 instead of JDK 7? How can I use an AES-GCM cipher suite? Should I use the encryption module for this? Thanks!
asked
2 answers
0

Hi Theo,

Perhaps it is worthwhile to take a look at the Mendix Cloud Login Guard module in the app store. Not sure if it fully covers your scenario.

Kind regards,

Jeroen Odink

answered
0

In a CF deployment, SSL is handled by a separate web server in front of your Mendix app container. For example, if your SSL endpoint web server is running NGINX and OpenSSL, then this would be relevant:

https://askubuntu.com/questions/319192/how-to-enable-tls-1-2-in-nginx

Here’s an interesting article about selecting ciphers as well:

https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

answered
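For the NGINX and OpenSSL front end described in the answer above, a TLS configuration that addresses the RC4 finding could look like the following. This is an added example, not part of the original answers or of Mendix documentation; the server name, certificate paths and the upstream address `127.0.0.1:8080` are placeholder assumptions.

```nginx
# Added example: TLS termination in front of the app container.
# server_name, certificate paths and the upstream address are placeholders.
server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;

    # Weak setting that leads to the pentest finding (do not use):
    #   ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    #   ssl_ciphers   RC4:HIGH:!aNULL:!MD5;

    # Hardened setting: TLS 1.2 only, and only AES-GCM suites with
    # ephemeral ECDH key exchange. RC4 is never offered because no
    # RC4 suite is in the list.
    ssl_protocols TLSv1.2;
    ssl_ciphers   ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        # Plain HTTP to the application runtime behind the proxy
        # (address is an assumption for this example).
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

After `nginx -t` and a reload, `openssl s_client -connect app.example.com:443 -tls1_2` should complete the handshake and report one of the AES-GCM suites as the negotiated cipher.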