PCI Compliance - Block TLS 1.0 on Galaxy Hosting and Cipher Algorithms

Hello there,

We need to be able to disable TLS 1.0 and to disable cipher algorithm suites with 64-bit blocks on Galaxy Hosting.

Any clue?

Thank you so much.

Boosting this. Federal requirements are deprecating TLS 1.0 and 1.1 as having security gaps. Recommended cybersecurity best practices are apparently TLS 1.2 now.

You will find this under the settings tab in your app:

1 Like

Opa! Apparently I’m blind and/or never scroll that far down the config page.

That being said, changed the setting, and am still getting the error. :confused: Starting/stopping servers to see if I can get it to work, but no dice yet.

Hi @felipevianas

I answered a similar question on the forum just now, I’ll post it here too…

We are not blocking these requests on the first proxy layer as we still have applications running on these legacy versions.

We are working on migrating clients that use TLS in version 1.0 and 1.1… so that we can disable this from our first layer which is the proxy.

But if your app is set to Minimum 1.2 in the Galaxy settings, we do block the request before it reaches your app.

There is something I usually send to clients to assure compliance.

If you run this code by passing in your app’s “URL”, you’ll see that requests with TLS below 1.2 will be refused if the Security > “Minimum 1.2” option in your app on Galaxy is enabled.

```js
const https = require('https')

const options = {
  hostname: 'YOUR HOSTNAME WITHOUT HTTPS',
  port: 443,
  method: 'GET',
  // Offer TLS 1.0 only, so a successful response means TLS 1.0 was accepted.
  secureProtocol: 'TLSv1_method'
}

https.request(options, res => {
  // The app's response body is not necessarily JSON, so report the protocol
  // negotiated on the socket instead of parsing the body.
  console.log('SSL Version: ' + res.socket.getProtocol())
  res.resume() // discard the body so the connection can close
}).on('error', err => {
  // This gets called if a connection cannot be established.
  console.warn(err)
}).end()
```

Best Regards,

Philippe

2 Likes
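The check discussed in this thread, extended to TLS 1.1 and to a 64-bit block cipher, as an added example that is not part of the original posts or Galaxy's own tooling. It assumes Node.js built against OpenSSL 3, uses `DES-CBC3-SHA` (3DES) as the representative 64-bit block suite, and the `TLS_AUDIT_HOST` variable and `PROBES` table are names chosen here; it separates "the server refused" from "this client could not even offer the handshake", which a single TLS 1.0 request cannot tell apart.

```javascript
const tls = require('tls')

// One probe = one handshake pinned to a single protocol version (and optionally one cipher).
// SECLEVEL=0 matters: an OpenSSL 3 client at its default level fails TLS 1.0/1.1 handshakes
// on its own side, which would look like a server-side refusal.
const pin = (v, ciphers) => ({ minVersion: v, maxVersion: v, ...(ciphers && { ciphers }) })
const PROBES = [
  { label: 'TLSv1', mustRefuse: true, opts: pin('TLSv1', 'DEFAULT@SECLEVEL=0') },
  { label: 'TLSv1.1', mustRefuse: true, opts: pin('TLSv1.1', 'DEFAULT@SECLEVEL=0') },
  { label: 'TLSv1.2', mustRefuse: false, opts: pin('TLSv1.2') },
  // 3DES is the usual 64-bit block cipher still found in TLS 1.2 configurations.
  { label: '3DES over TLSv1.2', mustRefuse: true, opts: pin('TLSv1.2', 'DES-CBC3-SHA:@SECLEVEL=0') }
]

function probe(host, { label, mustRefuse, opts }) {
  return new Promise(resolve => {
    const done = (accepted, detail, inconclusive = false) =>
      resolve({ label, mustRefuse, accepted, detail, inconclusive })
    try {
      // Certificate validation is off because only the handshake outcome is measured.
      const socket = tls.connect({ host, port: 443, servername: host, rejectUnauthorized: false, ...opts }, () => {
        done(true, `${socket.getProtocol()} ${socket.getCipher().name}`)
        socket.end()
      })
      socket.setTimeout(5000, () => { done(false, 'timeout', true); socket.destroy() })
      socket.on('error', err => done(false, err.code || err.message))
    } catch (err) {
      // Thrown synchronously: the local OpenSSL build cannot offer this version or cipher.
      done(false, err.code || err.message, true)
    }
  })
}

// Pure verdict logic. A probe the client could not send proves nothing, and refusals
// only mean something if the TLS 1.2 baseline connected (the host was reachable).
function evaluate(results) {
  const violations = results.filter(r => r.mustRefuse && r.accepted).map(r => r.label)
  const inconclusive = results.filter(r => r.inconclusive).map(r => r.label)
  const baselineOk = results.some(r => !r.mustRefuse && r.accepted)
  return { compliant: baselineOk && !violations.length && !inconclusive.length, violations, inconclusive, baselineOk }
}

async function audit(host) {
  const results = []
  for (const p of PROBES) results.push(await probe(host, p))
  return { results, ...evaluate(results) }
}

// TLS_AUDIT_HOST is a name chosen for this example, e.g. TLS_AUDIT_HOST=your-app.example.com
if (process.env.TLS_AUDIT_HOST) audit(process.env.TLS_AUDIT_HOST).then(r => console.log(JSON.stringify(r, null, 2)))
```

A probe listed under `inconclusive` means the local Node/OpenSSL build could not send that handshake, so the result should be repeated from a client that can before it is used as compliance evidence.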