SSL/TLS Encryption EB website

Hi Team,

Can you please advise if enabling TLS or disabling SSL from the registry could have an implication for EB Website behaviour, please?

Thanks

Steph

  • Reply from our Yammer group:

    Dainius Pavilonis 
     
     Disclaimer: I presume this is about the recent push to disable SSL3/TLS1.0 (Enhancement 941333:[Security] TLS firedrill, disable SSL3/TLS1.0). I am not 100% confident with the below statements - developer comment wanted.

    If SSL3/TLS1.0 is disabled, the outcome will depend on eB version and the protocol used by eB Web to communicate with eB Core Server:
     * If eB v15.6 or earlier, then it should have no effect.
     * If eB v16.1-16.6 then it will work/fail depending on primary transport protocol used by eB Core server. TCP protocol(default) will continue working but HTTPS(optional) will fail - eB server won't communicate with eB Web.
     * If eB v16.7.1-16.7.14 then eB server won't communicate with eB Web as it is HTTPS-only.
     * eB v16.7.15 and later supports TLS1.1+. Encryption of higher degree will be used for communication over HTTPS if SSL3/TLS1.0 is disabled.

    Lambert Brink  in reply to Dainius Pavilonis  
       
    This is mostly accurate - it'll depend on exactly what gets modified around TLS/SSL. I'd say the behavior in some earlier eB versions is undefined because whatever settings are being changed here wouldn't have been tested for in the past, so the applications may break.

     The one statement we can make is 16.7.15 and later supports TLS1.1-1.2.

  • Hi Carma,

    I have proceeded with turning off the below protocols, ciphers and Key Exchange Algorithms because they are out of date, and I left TLS 2.1 on. But this has made the websites inaccessible, so I had to turn them back on. We are currently using EB: 16.6.1.115. I guess this is what Lambert was referring to.

    Ciphers: RC4 128/128   and  Triple DES 168
    KEY Exchange Algorithms: Diffie-Hellman
    Protocols: SSL 2.0  / SSL 3.0 / TLS 1.0 / TLS 1.1 /

    Will some clear test be running soon to confirm what precisely needs to be turned on/off, please?

    Thanks
    Steph

  • Development is busy with this. Not sure when it will be tested.

    Answer Verified By: Carma De Villiers
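
An added example, not part of the original thread or of any eB tooling: a read-only PowerShell snapshot of the Schannel entries listed in Steph's second post, taken before anything is switched off so the previous state can be restored if the websites become inaccessible. The registry root is the standard Windows Schannel location, which the thread does not name, and the output file name is an assumption.

```powershell
# Added example: read-only snapshot of Schannel settings before a hardening change.
# Standard Windows Schannel registry root (assumption: not named in the thread).
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Entries listed in the post, plus TLS 1.2 for comparison.
$targets = @(
    'Ciphers\RC4 128/128'
    'Ciphers\Triple DES 168'
    'KeyExchangeAlgorithms\Diffie-Hellman'
)
foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $targets += "Protocols\$proto\Server"
    $targets += "Protocols\$proto\Client"
}

$snapshot = foreach ($sub in $targets) {
    # OpenSubKey is used because the PowerShell registry provider treats the
    # "/" in "RC4 128/128" as a path separator and cannot address that key.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$sub")
    $present = $null -ne $key
    $enabled = $null
    $disabledByDefault = $null
    if ($present) {
        $enabled = $key.GetValue('Enabled')
        $disabledByDefault = $key.GetValue('DisabledByDefault')
        $key.Close()
    }
    [pscustomobject]@{
        Setting           = $sub
        KeyPresent        = $present
        # A missing value means Windows applies its built-in default.
        Enabled           = if ($null -eq $enabled) { 'not set' } else { '0x{0:X8}' -f $enabled }
        DisabledByDefault = if ($null -eq $disabledByDefault) { 'not set' } else { '0x{0:X8}' -f $disabledByDefault }
    }
}

# Show the current state and keep a timestamped copy for rollback.
$snapshot | Format-Table -AutoSize
$file = 'schannel-before-{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date)
$snapshot | Export-Csv -Path $file -NoTypeInformation
```

Running it again after the change and comparing the two CSV files shows exactly which entries were altered.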