Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Section | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
On Secure Bridge Setup, you can find operational concepts for a secure
...
BRIDGE setup. Find here some additional security recommendations to consider for
...
BRIDGE hardening.
Disabling TLS 1.0
Info |
---|
Bridge 7.2.0 As of BRIDGE 7.2.0, TLS 1.0 is disabled by default. Still, you can use this guide to re-enable it if necessary. |
If you do not have any clients that need TLS 1.0, we recommend to disable this protocol for the
...
BRIDGE from the security point of view. To be downwards compatible with MagicDraw 17 (see note), we did not implement this to the standard
...
BRIDGE installation.
Note |
---|
...
icon | false |
---|
MagicDraw 17 uses Java 6, and thus only supports protocols up to TLS 1.0. So, if you disable Tomcat TLS 1.0 on your |
...
BRIDGE, you will not be able to deploy services directly from MagicDraw 17 to this |
...
BRIDGE (a handshake error will occur). |
...
BRIDGE UI nevertheless. |
To do disable TLS 1.0, you have to edit the Tomcat and Apache configuration files of the
...
BRIDGE as shown in the table below.
Location | Attribute/Property | Example | Notes | |
---|---|---|---|---|
Tomcat |
|
...
|
...
|
...
sslEnabledProtocols | sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" sslEnabledProtocols="TLSv1.2,TLSv1.1,SSLv2Hello" | This file will get overwritten on |
...
BRIDGE updates! The old configuration file is copied to server.xml.old. |
...
a BRIDGE update re-apply the changes from the backup copy of the file. | |
Apache |
|
...
| SSLProtocol | SSLProtocol All -SSLv2 -SSLv3 |
...
| Copy the Apache templates that have been provided with your |
...
BRIDGE installation from folder |
...
|
...
<your |
...
BRIDGE data directory>/proxies/conf/httpd.conf is generated from this template file on |
...
BRIDGE start- |
...
up. The |
...
BRIDGE will generate the configuration from the file in folder templates if available. If not, the |
...
BRIDGE will use the system templates. |
Steps
- Apply changes to the
...
- files as described above. Consider the notes!
- Restart the
...
- BRIDGE to apply the changed Apache configuration
...
- .
Panel | ||
---|---|---|
| ||
|
Panel | ||
---|---|---|
| ||