Appian Cloud allows customers to configure HTTPS access to sites using two different TLS policies - TLS 1.2 and TLS 1.2 with forward secrecy only. The recommended TLS policy for most sites is TLS 1.2, as it offers the security of TLS 1.2 with forward-secrecy, while maintaining compatibility with older systems that do not support forward-secrecy. This article outlines the differences between these two policies so that customers can determine the correct TLS policy for their needs.
The TLS 1.2 policy requires users to access the site using TLS 1.2. This policy supports the use of forward-secrecy cipher suites for clients that support it, but can fall back to TLS 1.2 cipher suites without forward-secrecy in order to support older HTTPS clients. This is the default cipher suite for sites in Appian Cloud.
This policy is similar to the TLS 1.2 policy, but it only allows clients to access sites using cipher suites that have forward-secrecy enabled. Additionally, this policy disables cipher suites that include the CBC block cipher. This policy can be enabled upon customer request by creating an Appian Support case.
The following table shows a side-by-side comparison of the cipher suites supported by each of Appian Cloud's TLS policies.
This article applies to all versions of Appian Cloud.
Last Reviewed: January 2021
© 2021 Appian. All rights reserved.