3

Currently mule 3.9 with java 1.8 and enabled all TLS so now i need to disable v 1.0 , there will be any problem..

Or there will be any issue in existing mule API that are connected to other APIs using https as my mule APIs are calling other external APIs sometimes

muledev
  • 33
  • 3

1 Answers1

2

TLS 1.0 is disabled by default in Mule 3.9 and Java 1.8. You only will have an issue if your applications try to connect to any HTTPS service that only accepts TLS 1.0. Those will reject your HTTPS requests.

If those services exposing only TLS 1.0 are APIs or are not APIs, that's irrelevant as we are talking about HTTPS as a communication transport and what they are doing doesn't change that. It may be plan HTTPS or a SOAP web service behind HTTPS.

Anypoint Platform has deprecated TLS 1.0 for some years so any platform APIs and the global load balancers will reject TLS 1.0.

aled
  • 21,330
  • 3
  • 27
  • 34
  • The services that i am connecting from Mule are either REST or SOAP , so should I check that those services will work on TLS 1.2 – muledev Mar 10 '21 at 18:33
  • Yes, or TLS 1.1. You can use openssl (example: https://serverfault.com/a/638692) or some other tool to verify the service support TLS 1.2. If they only support TLS 1.0, the problem is not Mule, it is that the service is supporting only a deprecated and very insecure protocol. – aled Mar 10 '21 at 19:45