|
This page applies to Appian Cloud only. It may not reflect the differences with Appian Government Cloud. |
OverviewCopy link to clipboard
Appian Cloud uses Transport Layer Security (TLS) to secure inbound web traffic.
This article outlines the different supported policies and options for enabling them.
Supported policiesCopy link to clipboard
Appian Cloud supports four different policies across all areas of the platform:
| TLS 1.2 permissive | TLS 1.2 strict | TLS 1.3/1.2 permissive | TLS 1.3/1.2 strict | |
|---|---|---|---|---|
| Environment dynamic content (commercial regions) | ✓ (default) | ✓ | ||
| Environment dynamic content (GovCloud regions) | ✓ (default) | ✓ | ||
| Static content delivery (commercial regions) | < Appian 22.4 | Appian 22.4+ | ||
| Static content delivery (GovCloud regions) | < Appian 23.4 | Appian 23.4+ | ||
| Portals | ✓ |
TLS 1.2 permissive (default)Copy link to clipboard
The permissive TLS 1.2 policy requires clients to access the environment using TLS 1.2. This policy supports the use of forward secrecy cipher suites for clients that support it, but can fall back to cipher suites without forward secrecy to support legacy clients.
TLS 1.2 strictCopy link to clipboard
This policy is similar to the permissive TLS 1.2 policy, but it only allows clients to access environments using cipher suites that support forward secrecy. Additionally, this policy disables cipher suites that include the CBC block cipher.
If supported, this policy can be enabled upon customer request by creating an Appian Support case.
TLS 1.3/1.2 permissiveCopy link to clipboard
This policy supports TLS 1.3 with fallback to TLS 1.2. It includes support for the same cipher suites as the TLS 1.2 permissive policy.
TLS 1.3/1.2 strictCopy link to clipboard
This policy supports TLS 1.3 with fallback to TLS 1.2. It includes support for the the same cipher suites as the TLS 1.2 strict policy.
If supported, this policy can be enabled upon customer request by creating an Appian Support case.
Supported cipher suitesCopy link to clipboard
The following table shows a side-by-side comparison of the cipher suites supported by each of Appian Cloud's TLS policies.
| OpenSSL cipher suite | TLS 1.2 permissive | TLS 1.2 strict | TLS 1.3/1.2 permissive | TLS 1.3/1.2 strict |
|---|---|---|---|---|
| TLS_AES_128_GCM_SHA256 | ✓ | ✓ | ||
| TLS_AES_256_GCM_SHA384 | ✓ | ✓ | ||
| ECDHE-ECDSA-AES128-GCM-SHA256 | ✓ | ✓ | ✓ | ✓ |
| ECDHE-RSA-AES128-GCM-SHA256 | ✓ | ✓ | ✓ | ✓ |
| ECDHE-ECDSA-AES128-SHA256 | ✓ | ✓ | ||
| ECDHE-RSA-AES128-SHA256 | ✓ | ✓ | ||
| ECDHE-ECDSA-AES128-SHA | ✓ | ✓ | ||
| ECDHE-RSA-AES128-SHA | ✓ | |||
| ECDHE-ECDSA-AES256-GCM-SHA384 | ✓ | ✓ | ✓ | ✓ |
| ECDHE-RSA-AES256-GCM-SHA384 | ✓ | ✓ | ✓ | ✓ |
| ECDHE-ECDSA-AES256-SHA384 | ✓ | ✓ | ||
| ECDHE-RSA-AES256-SHA384 | ✓ | ✓ | ||
| ECDHE-RSA-AES256-SHA | ✓ | |||
| ECDHE-ECDSA-AES256-SHA | ✓ | |||
| AES128-GCM-SHA256 | ✓ | ✓ | ||
| AES128-SHA256 | ✓ | ✓ | ||
| AES128-SHA | ✓ | |||
| AES256-GCM-SHA384 | ✓ | ✓ | ||
| AES256-SHA256 | ✓ | ✓ |