Enforce TLS1.2

SachinPo555 · October 27, 2023, 8:34am

Hi all,

I am using django web server for my application and wish to enforce TLS1.2 connections only.

Can anyone please help ?

Thanks in advance.

KenWhitesell · October 27, 2023, 12:22pm

There is no “Django web server”. In a production environment, you would be running Django behind something like nginx or apache forwarding traffic through gunicorn or uwsgi. It is those components that would be configured to enforce TLS1.2

SachinPo555 · October 27, 2023, 3:32pm

Pardon my limited understanding here, but I am running the python manage.py runsslserver command to spin the application up in prod… the server is a Google cloud VM and OS is RHEL7. Which on would it be using for routing the traffic ?

KenWhitesell · October 27, 2023, 4:03pm

Are you referring to django-sslserver · PyPI ?

If so, this is the package where the very first line of the documentation says:

Django SSL Server is a SSL-enabled development server for the Django Framework.

and the first sentence of the second paragraph says:

Please note that this should not be used for production setups.

[emphasis added on each]

Do yourself a favor, start by reading How to deploy Django | Django documentation | Django and pick a different server for implementation.