TLS Policies for Inbound Web Access Share Share via LinkedIn Reddit Email Copy Link Print On This Page This page applies to Appian Cloud only. It may not reflect the differences with Appian Government Cloud. Overview Appian Cloud uses Transport Layer Security (TLS) to secure inbound web traffic. This article outlines the different supported policies and options for enabling them. Supported policies Appian Cloud supports four different policies across all areas of the platform: TLS 1.2 permissive TLS 1.2 strict TLS 1.3/1.2 permissive TLS 1.3/1.2 strict Environment dynamic content (commercial regions) ✓ (default) ✓ Environment dynamic content (GovCloud regions) ✓ (default) ✓ Static content delivery (commercial regions) < Appian 22.4 Appian 22.4+ Static content delivery (GovCloud regions) < Appian 23.4 Appian 23.4+ Portals ✓ TLS 1.2 permissive (default) The permissive TLS 1.2 policy requires clients to access the environment using TLS 1.2. This policy supports the use of forward secrecy cipher suites for clients that support it, but can fall back to cipher suites without forward secrecy to support legacy clients. TLS 1.2 strict This policy is similar to the permissive TLS 1.2 policy, but it only allows clients to access environments using cipher suites that support forward secrecy. Additionally, this policy disables cipher suites that include the CBC block cipher. If supported, this policy can be enabled upon customer request by creating an Appian Support case. TLS 1.3/1.2 permissive This policy supports TLS 1.3 with fallback to TLS 1.2. It includes support for the same cipher suites as the TLS 1.2 permissive policy. TLS 1.3/1.2 strict This policy supports TLS 1.3 with fallback to TLS 1.2. It includes support for the the same cipher suites as the TLS 1.2 strict policy. If supported, this policy can be enabled upon customer request by creating an Appian Support case. Supported cipher suites The following table shows a side-by-side comparison of the cipher suites supported by each of Appian Cloud's TLS policies. OpenSSL cipher suite TLS 1.2 permissive TLS 1.2 strict TLS 1.3/1.2 permissive TLS 1.3/1.2 strict TLS_AES_128_GCM_SHA256 ✓ ✓ TLS_AES_256_GCM_SHA384 ✓ ✓ ECDHE-ECDSA-AES128-GCM-SHA256 ✓ ✓ ✓ ✓ ECDHE-RSA-AES128-GCM-SHA256 ✓ ✓ ✓ ✓ ECDHE-ECDSA-AES128-SHA256 ✓ ✓ ECDHE-RSA-AES128-SHA256 ✓ ✓ ECDHE-ECDSA-AES128-SHA ✓ ✓ ECDHE-RSA-AES128-SHA ✓ ECDHE-ECDSA-AES256-GCM-SHA384 ✓ ✓ ✓ ✓ ECDHE-RSA-AES256-GCM-SHA384 ✓ ✓ ✓ ✓ ECDHE-ECDSA-AES256-SHA384 ✓ ✓ ECDHE-RSA-AES256-SHA384 ✓ ✓ ECDHE-RSA-AES256-SHA ✓ ECDHE-ECDSA-AES256-SHA ✓ AES128-GCM-SHA256 ✓ ✓ AES128-SHA256 ✓ ✓ AES128-SHA ✓ AES256-GCM-SHA384 ✓ ✓ AES256-SHA256 ✓ ✓ Feedback Was this page helpful? SHARE FEEDBACK Loading...