Today, March 1st, 2018, support for TLS 1.0 and 1.1 has ended, with some exceptions.
TLS 1.0 and 1.1 are going away on Compose. As part of an IBM Cloud-wide clear out of the older encryption protocols, announced in November 2017 all TLS 1.0 and 1.1 support has been turned off.
sidenote-right SSL was the original name for secure connections on the web but it seamlessly merged with its replacement, TLS and eventually, all the SSL schemes were retired. Treat SSL as a synonym for TLS. At Compose, we still badge services as using SSL, despite the connections actually being TLS, because of that recognition.
Affected services include Compose's MongoDB, Elasticsearch, Redis, RethinkDB, Scylla, RabbitMQ, etcd3, and JanusGraph where TLS/SSL connections are available and, generally, the default. It also encompasses the Compose API.
There are two exceptions, PostgreSQL and Compose for MySQL Beta.
PostgreSQL: Compose PostgreSQL uses a passthrough HAproxy connection allowing the database to handle the TLS connection directly. This means, though, that removing TLS 1.0 and 1.1 would require a full database restart. To allow you to maintain control of when that restart happens, we are planning to incorporate the TLS 1.0/1.1 removal in future PostgreSQL update made available after March 1st.
Compose for MySQL Beta: Compose for MySQL Beta also uses a passthough HAproxy connection that allows the database to handle TLS connections directly. Unlike PostgreSQL, some engineering will be required to enable TLS 1.2 for Compose for MySQL Beta. We aim to enable TLS 1.2 and disable TLS 1.0/1.1 before the product leaves beta.
Provided you are running an up to date operating system and driver stack, it is likely nothing will need to be done. Your systems are likely already using TLS 1.2, the most recent version and will continue to do so.
If not, and you are not running TLS 1.2, you will experience an inability to establish new connections. If this is the case, update either your drivers or operating system to ensure they are TLS 1.2 capable and check your applications are not forcing your connections to use TLS 1.1. For further advice in this situation, raise a ticket with Compose Support for assistance.
Read more articles about Compose databases - use our Curated Collections Guide for articles on each database type. If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at firstname.lastname@example.org. We're happy to hear from you.