What TLS/SSL Versions Does the Official OPC Router Container Support?
By default, the current official OPC Router container supports TLS 1.2 and TLS 1.3.
TLS/SSL in OPC Router is handled by the underlying operating system, not by OPC Router itself. Because of this, there will be slight differences in what’s supported between a Windows deployment and a containerized (Linux-based) deployment.
The current, official container image is based on Ubuntu 22.04.5 and uses OpenSSL 3.0.2 to handle encrypted connections. OpenSSL uses a “security level” setting to determine which ciphers and other cryptographic parameters are allowed. This is referred to as “SECLEVEL” in the configuration and has a default level of 2. A SECLEVEL of 2 requires cryptographic parameters that provide at least 112 bits of security. While this does not explicitly ban TLS 1.0 and 1.1, they often depend on outdated ciphers that do not meet the minimum requirements. This effectively leaves TLS 1.2 as the lowest supported version.
How to Verify Your Container’s Configuration
You can confirm the version of OpenSSL in use and the security level of your container with the following steps.
- Open a bash shell for the running instance of your container:
  ```bash
  docker exec -it <container name> bash
  ```
- Check the OpenSSL version:
  ```bash
  openssl version
  ```
- Display the contents of the OpenSSL configuration file:
  ```bash
  cat /etc/ssl/openssl.cnf
  ```
Near the bottom of this file, you will find “system_default_sect”, which controls the security policy. As noted above, the default security level is 2.
Once you've determined the version of OpenSSL in use and your security level setting, you can determine what cryptographic parameters are supported by referencing the OpenSSL documentation here: https://docs.openssl.org/
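As an added example (not part of the original article and not OPC Router tooling), the following bash script pulls the CipherString and security level out of the “system_default_sect” section instead of reading the file by eye. The function names and the embedded sample configuration are constructed for illustration; pass the path of your container's /etc/ssl/openssl.cnf as the first argument to check the real file.

```shell
#!/usr/bin/env bash
# Added example: read the TLS policy from an OpenSSL configuration file.

# Print the value of KEY inside [SECTION] of FILE (last assignment wins).
# Comments, blank lines and padding around "=" or the section name are ignored.
cnf_get() {  # usage: cnf_get SECTION KEY FILE
  awk -v sect="$1" -v key="$2" '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    /^\[.*\]$/ {
      name = $0; sub(/^\[[ \t]*/, "", name); sub(/[ \t]*\]$/, "", name)
      in_sect = (name == sect); next
    }
    in_sect && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
      gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
      if (k == key) val = v
    }
    END { if (val != "") print val }
  ' "$3"
}

# Print the number after the last @SECLEVEL= in the section's CipherString,
# or "unset" when the file does not set one explicitly.
seclevel_of() (  # usage: seclevel_of FILE
  cs=$(cnf_get system_default_sect CipherString "$1")
  case "$cs" in
    *@SECLEVEL=[0-9]*) cs=${cs##*@SECLEVEL=}; printf '%s\n' "${cs%%[!0-9]*}" ;;
    *) echo unset ;;
  esac
)

report() {  # usage: report FILE
  echo "CipherString: $(cnf_get system_default_sect CipherString "$1")"
  echo "SECLEVEL:     $(seclevel_of "$1")"
}

# Constructed sample configuration (not copied from the container image).
SAMPLE_CNF=$(mktemp)
cat > "$SAMPLE_CNF" <<'EOF'
[other_sect]
CipherString = DEFAULT:@SECLEVEL=0

[ system_default_sect ]
# CipherString = DEFAULT:@SECLEVEL=1
CipherString = DEFAULT:@SECLEVEL=2   # active policy line
EOF

report "${1:-$SAMPLE_CNF}"
```

A result of “unset” means the file does not pin a level, so the library's built-in default applies.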