Layer7 API Management

  • Private Community
 View Only

  • 1.  Updating cipher suites in Route via HTTP(s) assertion

    Posted Jan 30, 2025 01:45 AM
    There is an urgent need to update cipher suites in the Route via HTTP(s) assertion for >1200 APIs. 
    This is to resolve this error:
    Problem routing to https://<URL>:8443/api/webportal/api/merchants/block-merchant-efs. Error msg: Unable to obtain HTTP response from https://URL:8443/api/webportal/api/merchants/block-merchant-efs: Received fatal alert: handshake_failure 
    Does updating cipher suites in Manage Listen Ports > SSL/TLS Settings tab resolve the error seen above?
    If not, is there a faster way to update the cipher suites for all 1200 APIs?
     
    Regards,
    Ain


  • 2.  RE: Updating cipher suites in Route via HTTP(s) assertion

    Posted Jan 30, 2025 02:05 PM

    Hello Ain Abdullah, 

    This should be possible with graphman. 

    If you use Route via HTTP with the default tls configuration, you won't get any tls properties in the export. But if you change the tls configuration, graphman export will give you an additional attribute called tlsCipherSuites. 

    I did a quick test and saw the following diff. 

    The same should be ok with the restman. 

    Br,
    Mesut


    Original Message


  • 3.  RE: Updating cipher suites in Route via HTTP(s) assertion
    Best Answer

    Broadcom Employee
    Posted Jan 30, 2025 02:17 PM

    We're adding an enhancement in 11.1.2 to allow customers to set default cipher lists for inbound and/or outbound TLS globally via cluster-wide properties. Until then, you can open a support case to request a hotfix with similar behavior.



    ------------------------------
    Ben Urbanski
    Product Manager, API Gateway
    Layer7 API Management
    ------------------------------

    Original Message