KNOWLEDGE BASE
Log In    |    Knowledge Base    |    4D Home
Tech Tip: Setting the minimum TLS version in 4D v17
PRODUCT: 4D | VERSION: 17 | PLATFORM: Mac & Win
Published On: August 16, 2018
Your current browser may not allow you to download the asset. We recommend Mozilla Firefox or Google Chrome.
Log In

4D v17 allows the developer to set the minimun TLS version via the Set Database Parameter selector 105 (Min TLS version).

This database parameter expects a long integer value of either 1, 2, or 3; the following constants are available to help with code readability and maintainability.

Constant = Value
    TLSv1_0 = 1
    TLSv1_1 = 2
    TLSv1_2 = 3 (default)


This setting applies globally to the network layer and affects the following aspects of the application:

  • Web Server (if 'Enable HTTPS' is enabled in the Web database settings)
  • SQL Server (if 'Enable TLS' is enabled in the SQL database settings)
  • Client-Server (if 'Encrypt Client-Server Communications' is enabled in the Client-Server database settings and the New Network Layer is being used)
  • HTTP Client commands (HTTP GET and HTTP REQUEST) when communicating with a web server via HTTPS

Note: The 4D Internet Commands plugin uses a different network layer, therefore this selector will have no impact on its TLS version.



If the developer wanted to set the minimum TLS version allowed to v1.2, the following code could be used (although unnecessary as it is the default):
SET DATABASE PARAMETER(Min TLS version;TLSv1_2)


If the developer wanted to set the minimum TLS version allowed to v1.1, the following code could be used:
SET DATABASE PARAMETER(Min TLS version;TLSv1_1)


If the developer wanted to set the minimum TLS version allowed to v1.0, the following code could be used:
SET DATABASE PARAMETER(Min TLS version;TLSv1_0)




Note: These old TLS versions were kept for compatibility purposes in order to give users the possibility to connect to servers that are still using older technologies or to provide connectivity options for older browsers while still pursuing the upgrade path for those services. Becareful when configuring this option as lowering the TLS version will make the server susceptible to older TLS vulnerabilities.

See Also: