Home 5.1.0

Table of Contents

• Intro and Overview
• System Admin Guide
  • Attribute Transformers
  • Audit
  • Authorization Managers
  • Credential Managers
  • Cryptography
  • Data Sources
  • Deployment
  • Email Providers
  • Http Clients
  • Logging
  • Monitoring
  • Scripting
  • Server Events
  • SMS Providers
  • Transport Layer Security
  • Upgrading
  • Common Usecases
  • System Requirements
  • JVM Configuration
  • Go-live Checklist
  • CORS
  • Cross Site Requests
• Authentication Service Admin Guide
• Token Service Admin Guide
• User Management Admin Guide
• Developer Guide
• Configuration Guide
• Glossary

Transport Layer Security

The Curity Identity Server supports versions 1.0, 1.1, 1.2, and 1.3 of the Transport Layer Security protocol.

By default, only TLSv1.2 is enabled on Curity Identity Server for server-side transport security.

TLSv1.0 and TLSv1.1 have well known security issues and are disabled by default due to that reason. However, they can be explicitly enabled via the enable-tls-1.0 and enable-tls-1.1 service role configuration settings respectively. A use case for this can be the requirement to accept connections from older devices or legacy software, which may not support the more recent TLS versions.

TLSv1.3 is disabled by default due to possible compatibility issues with previous setups, namely for mutual TLS. However, it can be explicitly enabled via the enable-tls-1.3 service role configuration setting.

For details on the configuration model, see the Configuration Reference.