Question

Mendix Application Web Security Protocols

0

I have a client VB .NET application that is to consume a web service within our Mendix application. Unfortunately, as the client application is .NET framework 2.0, it will only support security protocols SSL3.0 and TLS1.0. Our Mendix application currently uses security protocol TLS1.2. Is there any way to get our Mendix application to use SSL3.0 or TLS1.0 instead?

asked 2019-04-02

Andrew Robert Greenald

2 answers

Tim v Steenbergen · Answer 1 · 2019-04-02

Since this is about security, downgrading is not advisable and you better move the problem to the .net application asking them to improve their security.

Rom van Arendonk · Answer 2 · 2019-04-02

Yes: you can host your application on premise. Alternatively, you may be able to migrate to Mendix Cloud v3 (since there is no mention that these protocols have been disabled in that cloud), and you could submit a support ticket for that. Note, however, that both of these protocols are considered unsafe, and so they are no longer supported on the Mendix (v4) cloud, see here:

"January 28th, 2019

TLS v1.0 & v1.1 Disabled for Mendix Cloud v4

We have implemented a change on our Mendix Cloud v4 infrastructure so that incoming connections that do not support TLS v1.2 or higher will stop working. This effectively means that TLS v1.0 and v1.1 are disabled, and Mendix Cloud v4 now has an A+ rating at SSL Labs again. ”