[SERVER-14145] Restrict supported cipher over ssl Created: 03/Jun/14  Updated: 10/Dec/14  Resolved: 03/Jun/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.4.8
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Erik Sodervall Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-10520 Add SSL cipher restriction capability Closed
Participants:

 Description   

Hi,

Is there a way to restrict the supported ciphers over ssl?

-Erik

Apache conf would look like this:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM



 Comments   
Comment by Eric Milkie [ 03/Jun/14 ]

See SERVER-10520 for details.

Comment by Eric Milkie [ 03/Jun/14 ]

Today, the Cipher Suite is always restricted to "HIGH:!EXPORT:!aNULL@STRENGTH". There is no way to change this value unless you recompile the server.
The protocol is set to prohibit SSLv2, which is I think what your Apache configure example is doing.

Generated at Thu Feb 08 03:33:59 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.