4D v17 allows the developer to set the minimun TLS version via the Set Database Parameter selector 105 (Min TLS version).
This database parameter expects a long integer value of either 1, 2, or 3; the following constants are available to help with code readability and maintainability.
Constant = Value
TLSv1_0 = 1
TLSv1_1 = 2
TLSv1_2 = 3 (default)
This setting applies globally to the network layer and affects the following aspects of the application:
- Web Server (if 'Enable HTTPS' is enabled in the Web database settings)
- SQL Server (if 'Enable TLS' is enabled in the SQL database settings)
- Client-Server (if 'Encrypt Client-Server Communications' is enabled in the Client-Server database settings and the New Network Layer is being used)
- HTTP Client commands (HTTP GET and HTTP REQUEST) when communicating with a web server via HTTPS
Note: The 4D Internet Commands plugin uses a different network layer, therefore this selector will have no impact on its TLS version.
If the developer wanted to set the minimum TLS version allowed to v1.2, the following code could be used (although unnecessary as it is the default):
|SET DATABASE PARAMETER(Min TLS version;TLSv1_2)|
If the developer wanted to set the minimum TLS version allowed to v1.1, the following code could be used:
|SET DATABASE PARAMETER(Min TLS version;TLSv1_1)|
If the developer wanted to set the minimum TLS version allowed to v1.0, the following code could be used:
|SET DATABASE PARAMETER(Min TLS version;TLSv1_0)|
Note: These old TLS versions were kept for compatibility purposes in order to give users the possibility to connect to servers that are still using older technologies or to provide connectivity options for older browsers while still pursuing the upgrade path for those services. Becareful when configuring this option as lowering the TLS version will make the server susceptible to older TLS vulnerabilities.