Transport Layer Security

The Curity Identity Server supports versions 1.0, 1.1, 1.2, and 1.3 of the Transport Layer Security protocol.

By default, only TLSv1.2 is enabled on the Curity Identity Server for server-side transport security.

TLSv1.0 and TLSv1.1 have well-known security issues and are therefore disabled by default. However, they can be explicitly enabled via the enable-tls-1.0 and enable-tls-1.1 service role configuration settings, respectively. One use case is the need to accept connections from older devices or legacy software that may not support more recent TLS versions.

TLSv1.3 is disabled by default due to possible compatibility issues with previous setups, namely for mutual TLS. However, it can be explicitly enabled via the enable-tls-1.3 service role configuration setting.
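To confirm that a deployed endpoint accepts only the protocol versions you intended to enable, each version can be offered on its own and the result compared with the expected set. The following is an added example, not part of the Curity documentation or product; the function names are hypothetical, and the host and port passed to probe() are whatever your own service role listens on.

```python
import socket
import ssl

# Protocol versions named on this page, mapped to Python's ssl constants.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
# Default stated on this page: only TLSv1.2 is enabled.
DEFAULT_EXPECTED = {"TLSv1.2"}


def pinned_context(version):
    """Client context that can negotiate exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the protocol version is under test, so certificate checks are off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port, timeout=5.0):
    """Attempt one handshake per version; return {version name: accepted}."""
    accepted = {}
    for name, version in VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with pinned_context(version).wrap_socket(raw, server_hostname=host):
                    accepted[name] = True  # handshake completed
        except (ssl.SSLError, OSError):
            accepted[name] = False  # refused, or the local client cannot offer it
    return accepted


def drift(accepted, expected=DEFAULT_EXPECTED):
    """Compare observed versions with the intended set; return findings."""
    findings = []
    for name in VERSIONS:
        if accepted.get(name) and name not in expected:
            findings.append(f"{name} accepted but not expected")
        elif not accepted.get(name) and name in expected:
            findings.append(f"{name} expected but refused")
    return findings
```

Call drift(probe(host, port)) against your own endpoint; an empty list means the observed versions match the expected set. Many current OpenSSL builds refuse to offer TLSv1.0 and TLSv1.1 from the client side, so a refusal for those two versions should be confirmed with a client known to support them.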

For details on the configuration model, see the Configuration Reference.