Overriding TLS Defaults

Overriding the default TLS settings should only be used as a last resort — when all other options have been exhausted.

Iguana will always try to use TLSv1.3 first, then TLSv1.2. Using older TLS or SSL versions is not recommended unless absolutely needed, because of security exploits.

If required, the TLS defaults can be overridden for the Network Client APIs used in integrations: net.http, net.ftp, net.ftps, and net.smtp.

The default behaviour of the client APIs is to try TLSv1.3 and then TLSv1.2.

To override the default behaviour, an ssl_version parameter can be supplied. It can be set to tls-v1, tls-v1.1, tls-v1.2, or tls-v1.3.

Specifying tls-v1 will allow connections to use all TLS versions (starting with tls-v1.3 down to tls-v1.0 until a supported version is agreed upon by both the client and server).

When the following parameters are provided, Iguana overrides its default cipher suites and uses the ones listed:

  • To override the supported list of ciphers, the cipher_list parameter can be supplied.

  • To override the supported ciphers for TLSv1.3 specifically, supply the cipher_suite_list parameter.

For both parameters, the new cipher list must be provided in the OpenSSL format.
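
The following is an added example, not part of the Iguana documentation or Iguana's own code: a Python pre-flight check that expands a candidate cipher_list string with the local OpenSSL build and reports the TLS 1.3 suites separately, since those are governed by cipher_suite_list. The function names, the weak-marker list and the candidate strings are assumptions of this example, and the local OpenSSL build may differ from the one Iguana uses.

```python
import ssl

# Substrings treated as weak in OpenSSL cipher names (illustrative heuristic
# assumed for this example, not an exhaustive policy).
WEAK_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5", "ADH", "AECDH")


def weak_names(names):
    """Return the cipher names that contain one of WEAK_MARKERS."""
    return [n for n in names if any(m in n for m in WEAK_MARKERS)]


def expand_cipher_list(cipher_list):
    """Expand an OpenSSL-format cipher string with the local OpenSSL build.

    Returns the TLS 1.2-and-below ciphers the string selects and, separately,
    the TLS 1.3 suites, which this string does not control.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError as exc:
        # Raised only when the string selects no cipher at all. Unknown names
        # mixed in with valid ones are silently ignored by OpenSSL, so read
        # the expansion instead of trusting the absence of an error.
        raise ValueError(f"cipher list selects nothing: {cipher_list!r}") from exc
    ciphers = ctx.get_ciphers()
    legacy = [c["name"] for c in ciphers if c["protocol"] != "TLSv1.3"]
    tls13 = [c["name"] for c in ciphers if c["protocol"] == "TLSv1.3"]
    return {"legacy": legacy, "tls13": tls13, "weak": weak_names(legacy)}


if __name__ == "__main__":
    # Constructed candidate values for the cipher_list parameter.
    for candidate in ("ECDHE+AESGCM", "ECDHE+AESGCM:NOT-A-CIPHER", "ALL:!aNULL"):
        result = expand_cipher_list(candidate)
        print(candidate)
        print("  TLS <= 1.2:", ", ".join(result["legacy"]))
        print("  TLS 1.3 (not affected):", ", ".join(result["tls13"]))
        print("  weak:", ", ".join(result["weak"]) or "none")
```

Review the expanded list before supplying the string to Iguana: a misspelled cipher name does not produce an error as long as at least one other entry matches.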
