TLS Security

Mashery Local 5.2 disables TLS v1.0 out-of-the-box in the Traffic Manager and V3 API. The default settings of Traffic Manager and V3 API can be customized.

Make appropriate changes to the above entry, save the file. Run the build_docker job to build new images.

Customizing Default Security Settings

The default security settings in both the affected components can be customized by following the steps below before the images are built using the Mashery Local Installer:

  1. Start the Mashery Local Installer, for more information refer to the Mashery Local Installer section.
  2. Customize the TLS security settings for Traffic Manager:
    1. Open the install-core-tools.sh file at /var/jenkins_home/docker-build/tmgc-tm/install/install-core-tools.sh
    2. Make appropriate changes to the following line: 
      disabled_tls10_val='jdk.tls.disabledAlgorithms=SSLv3,SSLv2Hello, TLSv1, TLSv1.1, RC4, DES, DESede, MD5withRSA, DH keySize < 1024, EC keySize < 224, DES40_CBC, RC4_40'
    3. Save the file.
  3. Customize the TLS security settings for the V3 API in Config Manager (Mashery Local-Configuration Manager).
    1. Open the java security file at /var/jenkins_home/docker-build/tmgc-cm/install/java.security.
    2. The default entry is as follows: 
      jdk.tls.disabledAlgorithms=SSLv3,SSLv2Hello, TLSv1, TLSv1.1, RC4,
DES, DESede, MD5withRSA, DH keySize < 1024, EC keySize < 224,
DES40_CBC, RC4_40
    3. Make appropriate changes to the above entry, save the file.
  4. Run the build_docker job to build new images.