Over the years, security has become a core topic for business applications. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as “SSL”, are cryptographic protocols that provide communications security over a computer network. The TLS version that your application is using for web or client/server connections, for instance, contributes to its security level.
4D supports all TLS versions: 1.0, 1.1 and 1.2. The protocol version used is negotiated between the server and the client when establishing the connection. To increase the security level, beginning with 4D v16 R5, the default minimum supported version is TLS 1.2, older versions are rejected, as they could be unsecure.
Don’t worry, TLS 1.2 was defined in RFC 5246 in August 2008. It’s been available and integrated in tools and servers for a very long time. All major browsers support TLS 1.2. Thus, you can upgrade your 4D Web Server without modification or precaution, you don’t have to rewrite your web pages or methods. For your client-server applications, you can migrate your older client applications to 4D v16 R5 client applications without changing your code.
CHANGING MINIMUM TLS VERSION
For compatibility purposes – if you need to support older browsers or tools which do not supports TLS 1.2 – there is a means to decrease the security level and continue to allow these potentially unsecure protocols with the new 4D Min TLS version selector for the Get database parameter and SET DATABASE PARAMETER commands.