Coveo for Sitecore v5 is now available!

SSL/TLS Support

When establishing an HTTPS connection with a system, it may use different protocols. This topic describes which protocols are supported by the various releases of Coveo for Sitecore, Coveo Cloud platform, and Coveo Enterprise Search 7.

Support in Coveo for Sitecore

Coveo for Sitecore release SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2
Starting April 2016 (4.0.171) Yes Yes * *
Starting October 2016 (4.0.450) Yes Yes Yes Yes

* The protocol is supported by installing an additional Sitecore package. See the the next section for instructions.

Installing the Enable_TLS_1_2.zip package

The Enable_TLS_1_2.zip package allows Coveo for Sitecore to use the TLS 1.1 and/or TLS 1.2 protocols when establishing an HTTPS connection.

  1. Download the package: Enable_TLS_1_2.zip.
  2. Open Sitecore’s Installation Wizard (Sitecore Menu > Developers Tools > Installation Wizard).
  3. Upload and install the package.

The package will deploy two files:

  • App_Config\Include\EnableTls12.config: This file registers a processor into the initialize Sitecore pipeline that then allows the TLS 1.1 and/or 1.2 to be used by the application.
  • bin\EnableTls12.dll: This assembly contains the processor.

The EnableTls12.config file can be modified to allow only TLS 1.1 or TLS 1.2. Please note that the processor can either enable a protocol or leave the default; it will not disable any protocol.

<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <pipelines>
      <initialize>
        <processor type="EnableTls12.EnableTls12Processor, EnableTls12">
          <EnableTls1_1>true</enableTls1_1>
          <EnableTls1_2>true</enableTls1_2>
        </processor>
      </initialize>
    </pipelines>
  </sitecore>
</configuration>

For instance, to enable only the TLS 1.2 protocol, set the elements as follow:

<EnableTls1_1>false</enableTls1_1>
<EnableTls1_2>true</enableTls1_2>

Support in Coveo Cloud Platform

Coveo Cloud Platform SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2
As of November 2017 No No Yes Yes

Support in Coveo Enterprise Search 7 (CES 7)

Coveo Enterprise Search 7 release SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2
Starting March 2016 (7.0.8225) Yes Yes Yes Yes

Ensure that all available ciphers in the red rectangle are enabled on the CES server. For Windows Server 2012 R2 and earlier, TLS_PSK cipher suites are not available and not required (see Microsoft’s Cipher Suites in TLS/SSL). It is recommended to use IIS Crypto to examine the security protocols and ciphers.