Informix

Expand all | Collapse all

Disallow TLS_VERSION 1.0

  • 1.  Disallow TLS_VERSION 1.0

    Posted Wed March 10, 2021 04:17 PM
    Hello,
    we are running Informix 11.70.FC4IE which should support TLS version 1.0,1.1,1.2 by default. Now we need to disable v1.0 on listening onsocssl port because of security requirement so we set value TLS_VERSION 1.1 in onconfig. Unfortunately port still answers to handshake request TLS v1.0 (openssl s_client -connect IP:port -tls1). Any suggestion how to disable this?
    Tks
    Jiri
    sqlhost
    <dbservename> onsocssl <IP> <port> s=4,pam_serv=(login),pamauth=(password)

    ------------------------------
    Jiří Janský
    ------------------------------


  • 2.  RE: Disallow TLS_VERSION 1.0

    Posted Wed March 10, 2021 05:26 PM
    You needed to be on 11.70.xC8 or newer to take advantage of TLS_VERSION configuration, afaik.
    (And you needed to be on v12.10 or better v14.10 to be on a supported version ;-) )

    ------------------------------
    Andreas Legner
    ------------------------------