TLS v1.2 support in Caché

Question:

What version of Caché supports TLS v1.2? 

Answer:

Caché 2015.2 announced support for TLS v1.1 and v1.2.  In this version, the SSL/TLS configuration page provides checkboxes for TLS v1.1 and v1.2, which allow the versions to be configured individually.  This allows sites to, for example, require TLS v1.2 only.

Additionally, some earlier versions of Caché provide undocumented support for TLS v1.1 and v1.2, specifically Caché 2014.1.3 and above and 2015.1, on Windows, Linux and Unix.

Here’s why:  Caché uses the openssl library for SSL/TLS.  TLS v1.1 and v1.2 support is first available in openssl version 1.0.1.  On Windows, Linux and Unix, a version of this library is included with the install kit, and Caché 2014.1.3 and 2015.1.0 are the first to ship with an openssl 1.0.1 library (1.0.1j).  On these versions, if the "TLS v1" checkbox is checked in an SSL/TLS configuration, the system will use any of TLS v1.0, v1.1 and v1.2.  The actual version of TLS used is dependent on both sides of the connection; the highest version both support will be used.  There are no independent controls for TLS v1.0, v1.1, or v1.2.

Note that for OpenVMS, there is no support in any released version of Caché for TLS v1.1 or v1.2 (as of August 2016).  On this platform, Caché uses the HP SSL libraries, not libraries provided with the installation kit.  HP has two different SSL libraries: HPE SSL Version 1.4 and HP SSL1 V 1.0.  Caché uses the HPE SSL Version 1.4 library, which is based on openssl 0.9.8zh, and does not include TLS v1.1 and v1.2 support.

If you're using Windows, Linux or Unix and you'd like to check what version of the libraries you have, you can check the version of openssl in your installation by running:

./openssl version

in the bin directory of the installation.
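
To turn that version check into a scripted audit step, the following added example (not InterSystems code) parses the output of the command above and reports whether the bundled library is at or above openssl 1.0.1, the first release with TLS v1.1 and v1.2.  The function names are hypothetical, and the version strings in the comments are constructed samples using the library versions named in this answer.

```sh
#!/bin/sh
# tls12_capable "<output of './openssl version'>"
# Returns 0 if the reported library is openssl 1.0.1 or later,
# 1 if it is older, 2 if the line cannot be parsed as an openssl version.
tls12_capable() {
    # Field 1 is the product name, field 2 the version (e.g. 1.0.1j, 0.9.8zh).
    name=$(printf '%s\n' "$1" | awk '{print $1}')
    [ "$name" = "OpenSSL" ] || return 2
    # Keep only the leading major.minor.fix; drop patch letters and suffixes
    # such as "j", "zh" or "e-fips".
    num=$(printf '%s\n' "$1" | awk '{print $2}' |
          sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$num" ] || return 2
    major=${num%%.*}
    rest=${num#*.}
    minor=${rest%%.*}
    fix=${rest#*.}
    # Compare numerically against 1.0.1.
    if [ "$major" -gt 1 ]; then return 0; fi
    if [ "$major" -lt 1 ]; then return 1; fi
    if [ "$minor" -gt 0 ]; then return 0; fi
    if [ "$fix" -ge 1 ]; then return 0; fi
    return 1
}

# tls_versions "<output of './openssl version'>"
# Prints the TLS versions the library itself can offer, per the answer above.
tls_versions() {
    rc=0
    tls12_capable "$1" || rc=$?
    case $rc in
        0) echo "TLS v1.0 v1.1 v1.2" ;;
        1) echo "TLS v1.0" ;;
        *) echo "unknown"; return 2 ;;
    esac
}

# Usage, from the bin directory of the installation:
#   tls_versions "$(./openssl version)"
# Constructed sample inputs:
#   "OpenSSL 1.0.1j 15 Oct 2014"  -> TLS v1.0 v1.1 v1.2
#   "OpenSSL 0.9.8zh 3 Dec 2015"  -> TLS v1.0
```

The result describes the library only; the version actually used on a connection still depends on the SSL/TLS configuration and on what the peer supports.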