SSL/TLS Connection Requirements for Syncari Database Synapses

Mike Jones

Overview

To ensure secure and compatible connections between Syncari database connectors and the target database, the database environment must meet modern SSL/TLS security standards. Failure to comply with these requirements can result in connection failures, handshake errors, or certificates being rejected by modern clients such as Java 11+, browsers, and secure integration platforms.

This document outlines the minimum SSL/TLS configuration requirements.


Minimum SSL/TLS Requirements

1. Certificate Requirements

  • Key Length: Minimum 2048-bit RSA key
  • Signature Algorithm: Must use SHA-256 or stronger
  • Certificate Type:
    • Trusted Certificate Authority (CA)-signed certificate is strongly recommended
    • Self-signed certificates are acceptable only if they meet modern cryptographic standards and are explicitly trusted by the client

2. Protocol Requirements

  • Required Protocols:
    • TLS 1.2 (minimum required)
    • TLS 1.3 (recommended where supported)
  • Disabled Protocols:
    • SSLv2 — prohibited
    • SSLv3 — prohibited (vulnerable to POODLE attack)
    • TLS 1.0 and TLS 1.1 — deprecated and should be disabled

Important: SSLv3 must be fully disabled and replaced with TLS 1.2 or TLS 1.3, which provide modern encryption, secure key exchange mechanisms, and resistance to known vulnerabilities.


3. Cipher Suite Requirements

  • Must support modern TLS 1.2+ cipher suites, such as:
    • AES-GCM based cipher suites (e.g., TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
  • Must NOT include:
    • CBC-mode cipher suites with SHA1 (deprecated)
    • RC4-based cipher suites (explicitly banned by RFC 7465)
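
The requirements above expressed as a checker, as an added example that is not Syncari's own code: it audits the values observed in one handshake (as reported by whatever TLS client or scanner you use) against the protocol, cipher and certificate rules in this article. The dictionary keys, function names and sample observations are assumptions constructed for illustration.

```python
import re

# Policy values come from the requirements listed above.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
MIN_RSA_BITS = 2048
WEAK_HASHES = {"MD5", "SHA1", "SHA224"}  # anything below SHA-256

def signature_hash(sig_alg):
    """Extract the hash from names such as 'sha256WithRSAEncryption' or 'ecdsa-with-SHA1'."""
    match = re.search(r"(md5|sha-?\d+)", sig_alg, re.IGNORECASE)
    return match.group(1).upper().replace("-", "") if match else None

def cipher_problem(cipher):
    """Return why a suite is banned, or None. Accepts IANA and OpenSSL style names."""
    name = cipher.upper().replace("-", "_")
    if "RC4" in name:
        return "RC4 cipher suite (banned by RFC 7465)"
    # A name ending in _SHA means HMAC-SHA1; apart from RC4 and NULL suites,
    # those are the CBC-mode suites.
    if name.endswith("_SHA"):
        return "CBC-mode cipher suite with SHA1"
    return None

def audit(obs):
    """Check one observed handshake (a dict) and return a list of violations."""
    findings = []
    if obs["protocol"] not in ALLOWED_PROTOCOLS:
        findings.append(f"protocol {obs['protocol']} is not TLS 1.2 or TLS 1.3")
    problem = cipher_problem(obs["cipher"])
    if problem:
        findings.append(f"{obs['cipher']}: {problem}")
    if obs["key_type"] == "RSA" and obs["key_bits"] < MIN_RSA_BITS:
        findings.append(f"RSA key is {obs['key_bits']} bits, minimum is {MIN_RSA_BITS}")
    digest = signature_hash(obs["sig_alg"])
    if digest is None or digest in WEAK_HASHES:
        findings.append(f"signature algorithm {obs['sig_alg']} is not SHA-256 or stronger")
    return findings

# Constructed sample observations (not real endpoints).
GOOD = {"protocol": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384",
        "key_type": "RSA", "key_bits": 2048, "sig_alg": "sha256WithRSAEncryption"}
LEGACY = {"protocol": "TLSv1", "cipher": "AES128-SHA",
          "key_type": "RSA", "key_bits": 1024, "sig_alg": "sha1WithRSAEncryption"}

if __name__ == "__main__":
    for label, obs in (("good", GOOD), ("legacy", LEGACY)):
        print(label, audit(obs) or "meets the requirements")
```

An empty list means the observed session satisfies every rule; a signature algorithm whose hash cannot be identified is reported rather than passed.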
