Free cookie consent management tool by TermsFeed

TLS Policies for Inbound Web Access

This page applies to Appian Cloud only. It may not reflect the differences with Appian Government Cloud.

Overview

Appian Cloud uses Transport Layer Security (TLS) to secure inbound web traffic.

This article outlines the different supported policies and options for enabling them.

Supported policies

Appian Cloud supports four different policies across all areas of the platform:

  TLS 1.2 permissive TLS 1.2 strict TLS 1.3/1.2 permissive TLS 1.3/1.2 strict
Environment dynamic content (commercial regions) ✓ (default)    
Environment dynamic content (GovCloud regions)     ✓ (default)
Static content delivery (commercial regions) < Appian 22.4   Appian 22.4+  
Static content delivery (GovCloud regions) < Appian 23.4   Appian 23.4+  
Portals      

TLS 1.2 permissive (default)

The permissive TLS 1.2 policy requires clients to access the environment using TLS 1.2. This policy supports the use of forward secrecy cipher suites for clients that support it, but can fall back to cipher suites without forward secrecy to support legacy clients.

TLS 1.2 strict

This policy is similar to the permissive TLS 1.2 policy, but it only allows clients to access environments using cipher suites that support forward secrecy. Additionally, this policy disables cipher suites that include the CBC block cipher.

If supported, this policy can be enabled upon customer request by creating an Appian Support case.

TLS 1.3/1.2 permissive

This policy supports TLS 1.3 with fallback to TLS 1.2. It includes support for the same cipher suites as the TLS 1.2 permissive policy.

TLS 1.3/1.2 strict

This policy supports TLS 1.3 with fallback to TLS 1.2. It includes support for the the same cipher suites as the TLS 1.2 strict policy.

If supported, this policy can be enabled upon customer request by creating an Appian Support case.

Supported cipher suites

The following table shows a side-by-side comparison of the cipher suites supported by each of Appian Cloud's TLS policies.

OpenSSL cipher suite TLS 1.2 permissive TLS 1.2 strict TLS 1.3/1.2 permissive TLS 1.3/1.2 strict
TLS_AES_128_GCM_SHA256    
TLS_AES_256_GCM_SHA384    
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA256    
ECDHE-RSA-AES128-SHA256    
ECDHE-ECDSA-AES128-SHA    
ECDHE-RSA-AES128-SHA      
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384    
ECDHE-RSA-AES256-SHA384    
ECDHE-RSA-AES256-SHA      
ECDHE-ECDSA-AES256-SHA      
AES128-GCM-SHA256    
AES128-SHA256    
AES128-SHA      
AES256-GCM-SHA384    
AES256-SHA256    

Feedback