Free cookie consent management tool by TermsFeed TLS Policies for Inbound Web Access [Appian Cloud Administration]
TLS Policies for Inbound Web Access

This page applies to Appian Cloud only. It may not reflect the differences with Appian Government Cloud.

Overview

Appian Cloud allows customers to configure web access to Appian environments using different TLS policies. This article outlines the differences between supported policies so that customers can determine the correct one for their needs.

Supported policies

TLS 1.2 default

The default TLS 1.2 policy requires users to access the environment using TLS 1.2. This policy supports the use of forward secrecy cipher suites for clients that support it, but can fall back to cipher suites without forward secrecy to support older web clients.

This is the default policy for Appian Cloud environments, portals, and process mining environments, as it offers the security of TLS 1.2 with forward secrecy while maintaining compatibility with older systems that do not support forward secrecy.

TLS 1.2 strict

This policy is similar to the default TLS 1.2 policy, but it only allows clients to access environments using cipher suites that support forward secrecy. Additionally, this policy disables cipher suites that include the CBC block cipher. This policy can be enabled upon customer request by creating an Appian Support case.

Tip:  TLS 1.2 strict policy is not supported for Process Mining and Portals.

Supported cipher suites

The following table shows a side-by-side comparison of the cipher suites supported by each of Appian Cloud's TLS policies.

OpenSSL cipher suite TLS 1.2 default TLS 1.2 strict
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA256  
ECDHE-RSA-AES128-SHA256  
ECDHE-ECDSA-AES128-SHA  
ECDHE-RSA-AES128-SHA  
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384  
ECDHE-RSA-AES256-SHA384  
ECDHE-RSA-AES256-SHA  
ECDHE-ECDSA-AES256-SHA  
AES128-GCM-SHA256  
AES128-SHA256  
AES128-SHA  
AES256-GCM-SHA384  
AES256-SHA256  
AES256-SHA  
Open in Github Built: Fri, Apr 19, 2024 (06:08:19 PM)

TLS Policies for Inbound Web Access

FEEDBACK