org.mule.tooling.server.3.7.3.ee_5.4.x.yyy.mm.dd
Migrate From TLS 1.0
As TLS 1.0 is no longer accepted by PCi compliance, and considering the significant vulnerabilities around this protocol’s version, we strongly suggest you to migrate to TLS v1.1 and newer.
Since Studio 5.4.3, you are able to edit the TLS configuration file of your Studio and API Gateway runtimes.
Edit Your Runtime’s TLS Configuration File From Studio
From your Studio installation folder, navigate to the plugins
directory. There, you need to locate the folder for your server’s runtime and Studio version.
The name of the folder should follow the following form:
Inside it, go to mule
/conf
directory and open the tls-default.conf
file to edit your TLS configuration.
You can find the enabled protocols for your configuration in the enabledProtocols
field.
If needed, you can also comment or uncomment lines in the enabledCipherSuites corresponding to your site’s security policy.
Edit Your API Gateway’s TLS Configuration File From Studio
From your Studio installation folder, navigate to the plugins
directory. There, you need to locate the folder for your server’s API Gateway and Studio version.
The name of the folder should follow the following form:
org.mule.tooling.apigateway.x.x.x_x.x.x.yyyymmdd
Inside it, go to mule
/conf
directory and open the tls-default.conf
file to edit your TLS configuration.
You can find the enabled protocols for your configuration in the enabledProtocols
field.
If needed, you can also comment or uncomment lines in the enabledCipherSuites corresponding to your site’s security policy.
If you have apps built with Mule runtime 3.8 and you use JDK 1.7, then TLS 1.2 is not supported. It is recommended that you update your JDK to 1.8 to support this security protocol. If by any reason you can’t update your JDK to 1.8, then you must manually configure Mule 3.8 to point to TLS V1.0. MMC users will need to download MMC version V3.8 HF1, this version specifically helps users with Mule V3.8 and JDK 1.7 point to TLS V1.0 instead of V1.2, so just updating MMC to this version should solve this problem. |
See Also
-
Read more about TLS in Wikipedia
-
See how to configure the HTTP Connector
-
See how to handle a Global TLS Configuration