Network security

Originally introduced in 4D v14 R4

Default settings for secure network communications have evolved in order to increase security levels: SSL v2 and SSL v3 protocols have been permanently disabled (hard-coded deactivation), due to their potential vulnerability. Only TLS v1 is now accepted by default.

These modifications are applied to all secure communications in 4D, including:

• HTTP server connections
• SQL server connections
• client/server connections
• HTTP client connections

As a result, you may need to upgrade your application requirements regarding the following connections:

• Browsers or HTTP clients that do not support TLS, such as IE6 or older, can no longer connect to a 4D Web Server/Service using the secure protocol (port 443).
• HTTP Get or HTTP Request commands can no longer connect in secure mode to servers which do not support TLS.

Originally introduced in 4D v14 R5

Network security features have been optimized to enable you to strengthen the protection for your 4D applications:

• Weak cipher list suites have been removed,
• The default 4D certificate key length has been increased to 2048 bits,
• You can now use your own encryption keys for secure communications.

These modifications concern the following secure connections:

• Client/server
• SQL server
• HTTP client