How to configure the minimum TLS version on port 21150

harrdou · May 13, 2020, 9:23pm

Hi;
I have set the minimum TLS version on my Couchbase server (6.5) to tlsv1.2 following the instructions here.

After making the change, most of the Couchbase ports are now only accepting TLSv1.2 connections, as expected,

However, for some reason port 21150 (Cluster Management Exchange) is still accepting TLSv1.0 and TLSv1.1 connections.

Is there an additional step needed to disable TLS v1.0 and v1.1 for the entire server?

ianmccloy · September 18, 2021, 6:45pm

Port 21150 is an internal network connection between Couchbase Server nodes, as such it will automatically use the highest available level of TLS when the connection is negotiated. We have also gone ahead and always set the TLS for this port to be 1.2 as a minimum from version 6.6.2 and later.

Thank you,
Ian McCloy, Principal Product Manager, Couchbase