Contact Us 1-800-596-4880

Migrate From TLS 1.0

As TLS 1.0 is no longer accepted by PCi compliance, and considering the significant vulnerabilities around this protocol’s version, we strongly suggest you to migrate to TLS v1.1 and newer.

Since Studio 5.4.3, you are able to edit the TLS configuration file of your Studio and API Gateway runtimes.

Edit Your Runtime’s TLS Configuration File From Studio

From your Studio installation folder, navigate to the plugins directory. There, you need to locate the folder for your server’s runtime and Studio version.
The name of the folder should follow the following form:

org.mule.tooling.server.3.7.3.ee_5.4.x.yyy.mm.dd

Inside it, go to mule/conf directory and open the tls-default.conf file to edit your TLS configuration.
You can find the enabled protocols for your configuration in the enabledProtocols field.

If needed, you can also comment or uncomment lines in the enabledCipherSuites corresponding to your site’s security policy.

Edit Your API Gateway’s TLS Configuration File From Studio

From your Studio installation folder, navigate to the plugins directory. There, you need to locate the folder for your server’s API Gateway and Studio version.
The name of the folder should follow the following form:

org.mule.tooling.apigateway.x.x.x_x.x.x.yyyymmdd

Inside it, go to mule/conf directory and open the tls-default.conf file to edit your TLS configuration.
You can find the enabled protocols for your configuration in the enabledProtocols field.

If needed, you can also comment or uncomment lines in the enabledCipherSuites corresponding to your site’s security policy.

If you have apps built with Mule runtime 3.9 or later and you use JDK 1.7, then TLS 1.2 is not supported. It is recommended that you update your JDK to 1.8 to support this security protocol.

If by any reason you can’t update your JDK to 1.8, then you must manually configure Mule 3.9 to point to TLS V1.0.

MMC users will need to download MMC version V3.8 HF1, this version specifically helps users with Mule V3.8 and JDK 1.7 point to TLS V1.0 instead of V1.2, so just updating MMC to this version should solve this problem.

See Also

View on GitHub