3.2.4. Setting the allowed TLS protocol

There are several releases of the TLS protocol, and they are not always compatible with each other. The allowed TLS protocol versions are set via the ClientSSLOptions and ServerSSLOptions classes; by default, all supported protocols are enabled. Set the appropriate disable_proto_* parameters (for example, disable_proto_tlsv1 in the example below) to disable the selected TLS protocol versions. Zorp currently supports the TLSv1, TLSv1.1 and TLSv1.2 protocols.

Example 3.1. Disabling specific TLS protocols

The following example disables the TLSv1 protocol on both the client and the server side.

EncryptionPolicy(
    name="MyTLSEncryption",
    encryption=TwoSidedEncryption(
        client_verify=None,
        server_verify=ServerCertificateVerifier(
            ca_directory="/etc/ca.d/certs/",
            crl_directory="/etc/ca.d/crls/",
            ),
        # client side: ClientSSLOptions; server side: ServerSSLOptions
        client_ssl_options=ClientSSLOptions(disable_proto_tlsv1=TRUE),
        server_ssl_options=ServerSSLOptions(disable_proto_tlsv1=TRUE),
        )
    )
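The same per-version switches expressed with the Python standard library's ssl module, as an added example that is not part of the Zorp documentation or of Zorp's own code. The function names allowed_tls_versions and ssl_context_for are assumptions made for this example; the keyword arguments deliberately reuse the disable_proto_* names from the policy above. The example shows what a practitioner usually wants to check after editing such a policy: disabling only TLSv1, as Example 3.1 does, still leaves TLSv1.1 enabled, and because a protocol floor and ceiling can only describe a contiguous range, a disable set that leaves a gap (or nothing at all) is rejected instead of being silently widened.

```python
import ssl

# The three versions the text says Zorp supports, oldest first.
TLS_VERSIONS = ("TLSv1", "TLSv1.1", "TLSv1.2")

# ssl.TLSVersion members for the same three versions (standard library, not Zorp).
_TLS_VERSION_ENUM = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}


def allowed_tls_versions(disable_proto_tlsv1=False,
                         disable_proto_tlsv1_1=False,
                         disable_proto_tlsv1_2=False):
    """Return, oldest first, the versions that stay enabled after the
    disable_proto_* switches are applied. With no switch set everything is
    allowed, mirroring the 'all supported protocols enabled by default'
    behaviour described in the text."""
    disabled = {
        "TLSv1": disable_proto_tlsv1,
        "TLSv1.1": disable_proto_tlsv1_1,
        "TLSv1.2": disable_proto_tlsv1_2,
    }
    return tuple(v for v in TLS_VERSIONS if not disabled[v])


def ssl_context_for(allowed, purpose=ssl.Purpose.SERVER_AUTH):
    """Build an ssl.SSLContext that accepts exactly the versions in `allowed`.

    minimum_version/maximum_version describe a contiguous range, so a
    non-contiguous set (e.g. TLSv1 and TLSv1.2 without TLSv1.1) is rejected
    rather than silently widened, and an empty set is rejected because no
    handshake could ever succeed with it."""
    if not allowed:
        raise ValueError("every TLS version is disabled; no handshake could succeed")
    lo = TLS_VERSIONS.index(allowed[0])
    hi = TLS_VERSIONS.index(allowed[-1])
    if tuple(allowed) != TLS_VERSIONS[lo:hi + 1]:
        raise ValueError("disabled versions must leave a contiguous range: %r" % (allowed,))
    ctx = ssl.create_default_context(purpose)
    ctx.minimum_version = _TLS_VERSION_ENUM[allowed[0]]
    ctx.maximum_version = _TLS_VERSION_ENUM[allowed[-1]]
    return ctx


if __name__ == "__main__":
    # Example 3.1 from the text: only TLSv1 switched off. TLSv1.1 is still
    # accepted by that policy; set disable_proto_tlsv1_1 as well to allow TLSv1.2 only.
    print(allowed_tls_versions(disable_proto_tlsv1=True))
```

Run it as a script to see which versions Example 3.1 leaves enabled, or import it and call ssl_context_for with the tuple from allowed_tls_versions to obtain a context with the matching floor and ceiling. The ceiling is set to TLSv1.2 only because the text limits Zorp to that version; outside that context you would leave maximum_version at its default so newer versions stay available.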