How to configure the minimum TLS version on port 21150

harrdou · May 13, 2020, 9:23pm

Hi;
I have set the minimum TLS version on my Couchbase server (6.5) to tlsv1.2 following the instructions here.

After making the change, most of the Couchbase ports are now only accepting TLSv1.2 connections, as expected,

However, for some reason port 21150 (Cluster Management Exchange) is still accepting TLSv1.0 and TLSv1.1 connections.

Is there an additional step needed to disable TLS v1.0 and v1.1 for the entire server?

ianmccloy · September 18, 2021, 6:45pm

Port 21150 is an internal network connection between Couchbase Server nodes, as such it will automatically use the highest available level of TLS when the connection is negotiated. We have also gone ahead and always set the TLS for this port to be 1.2 as a minimum from version 6.6.2 and later.

Thank you,
Ian McCloy, Principal Product Manager, Couchbase

Topic		Replies	Views
How to disable tls? Kubernetes	7	947	July 12, 2023
Error configuring syncgateway with external couchbase DB server Sync Gateway	2	24	September 23, 2024
SSL on couchbase server 2.5 (EE)? Couchbase Server	2	1094	May 12, 2017
Not able to enable Cluster encryption Couchbase Server	2	185	June 16, 2024
Couchbase7.0.3 can not connect via TLS? Couchbase Server python	3	1377	July 17, 2023

How to configure the minimum TLS version on port 21150

Related topics