Disable TLS 1.0 and 1.1

gbkf · August 25, 2022, 3:21am

Using keycloak 18 with quarkus and having trouble figuring out how to disable TLS v1.0 and v1.1. Thought perhaps setting the configuration option: https-protocols=TLSv1.3,TLSv1.2 but that doesn’t disable tls 1.0 and 1.1.

Is there a way to specifically disable https protocols?

gsmith · August 26, 2022, 4:01am

Hello,

If your using keycloak 18 with quarkus

By default, Keycloak does not enable deprecated TLS protocols. If your client supports only deprecated protocols, consider upgrading the client. To also allow TLSv1.2, use a command such as the following:

kc.sh start --https-protocols=TLSv1.3,TLSv1.2.

gbkf · August 26, 2022, 4:24am

I’ve not set Keycloak to use TLS 1.0 or 1.1. The only change made has been enabling https and it has those deprecated TLS protocols enabled with seemingly no way to turn off. Confirmed they were enabled by running the Qualys SSlLabs check against keycloak and it showed tls 1.0 and 1.1 were enabled.

gsmith · August 26, 2022, 4:38am

You sure that Keycloak was running those? As I posted above it will not unless specified. If so, it maybe be a bug. You can look here.

Issues · keycloak/keycloak · GitHub

Topic		Replies	Views
Disabling TLS1.0 TLS1.1	3	3676	June 21, 2022
Keycloak configuration required to support TLS V1.2 Getting advice	0	491	May 12, 2022
How can I disable client-initiated renegotiation? Getting advice	0	209	December 7, 2023
Keycloak and TLS1.3	2	1935	May 3, 2021
Keyclaok>15. filters with keyclaok.conf Configuring the server admin-console	0	353	August 3, 2022

Disable TLS 1.0 and 1.1

Related Topics