Overriding TLS Defaults

Overriding the default TLS settings should only be used as a last resort — when all other options have been exhausted.

Iguana always tries TLSv1.3 first, then TLSv1.2. Older TLS or SSL versions have known security exploits, so using them is not recommended unless absolutely needed.

If required, the TLS defaults can be overridden for the Network Client API used in integrations - net.http, net.ftp, net.ftps, and net.smtp.

The default behaviour of the client APIs is to try TLSv1.3 and then TLSv1.2.

To override the default behaviour, an ssl_version parameter can be supplied. It accepts the values tls-v1, tls-v1.1, tls-v1.2 and tls-v1.3.

Specifying tls-v1 will allow connections to use all TLS versions (starting with tls-v1.3 down to tls-v1.0 until a supported version is agreed upon by both the client and server).

The default cipher suites can be overridden as well. When the following parameters are provided, Iguana uses the ciphers listed in them instead of its defaults:

  • To override the supported list of ciphers, the cipher_list parameter can be supplied.

  • To override the supported ciphers for TLSv1.3 specifically, supply the cipher_suite_list parameter.

For both parameters, the new cipher list must be provided in the OpenSSL format.
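Because a cipher_list value is an OpenSSL-format string, it can be expanded and checked before it is placed in an integration. The following Python sketch is an added example, not part of Iguana or its documentation; it uses the OpenSSL build linked into the local Python, which may differ from the one Iguana ships, and its deny-list of weak name tokens is an illustrative assumption.

```python
import ssl

# Illustrative, non-exhaustive deny-list of OpenSSL cipher-name tokens
# (an assumption of this example, not an Iguana or OpenSSL setting).
WEAK_TOKENS = {"RC4", "DES", "CBC3", "NULL", "EXP", "MD5", "ADH", "AECDH"}


def expand_cipher_list(cipher_string):
    """Expand an OpenSSL-format cipher string into (name, protocol) pairs.

    Raises ssl.SSLError when the local OpenSSL cannot select any cipher.
    TLSv1.3 suites are filtered out: OpenSSL configures them separately,
    which matches the split between cipher_list and cipher_suite_list.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]


def weak_names(names):
    """Return the cipher names that contain a token from the deny-list."""
    return [n for n in names if WEAK_TOKENS & set(n.split("-"))]


def review(cipher_string):
    """Validate a candidate cipher_list value and report weak entries."""
    try:
        suites = expand_cipher_list(cipher_string)
    except ssl.SSLError as exc:
        return {"valid": False, "error": str(exc), "suites": [], "weak": []}
    names = [name for name, _ in suites]
    return {"valid": True, "error": None,
            "suites": names, "weak": weak_names(names)}


if __name__ == "__main__":
    # Constructed sample inputs: one usable string and one that matches nothing.
    for candidate in ("ECDHE+AESGCM", "not-a-real-cipher"):
        print(candidate, review(candidate))
```

A string that expands to nothing is rejected by OpenSSL itself, and any name reported under "weak" is a reason to revisit the override before deploying it.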

 
