For example,
Disable: MD5,3DES,SHA-1 Enable: AES128,AES256,SHA-2
OPDK version 15.07
Dear @Akash Prabhashankar,
If SSL terminates at the router, then you need to set the supported ciphers in the Cipher element within the SSLInfo section of the virtual host. For ex:
If the ciphers/algorithms TLS_RSA_WITH_AES_256_CBC_SHA256 and TLS_RSA_WITH_AES_128_CBC_SHA256 are supported, then include them as shown below:
<VirtualHost name="https_vhost">
    <HostAliases>
        <HostAlias>www.somehost.com</HostAlias>
    </HostAliases>
    <Interfaces/>
    <Port>someport</Port>
    <SSLInfo>
        <Ciphers>
            <Cipher>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</Cipher>
            <Cipher>TLS_RSA_WITH_AES_128_CBC_SHA256</Cipher>
        </Ciphers>
        <ClientAuthEnabled>false</ClientAuthEnabled>
        <Enabled>true</Enabled>
        <IgnoreValidationErrors>false</IgnoreValidationErrors>
        <KeyAlias>myKeyAlias</KeyAlias>
        <KeyStore>myKeyStore</KeyStore>
        <Protocols>
            <Protocol>TLSv1</Protocol>
            <Protocol>TLSv1.1</Protocol>
            <Protocol>TLSv1.2</Protocol>
        </Protocols>
    </SSLInfo>
</VirtualHost>
Note: You can include any other Ciphers that you would like to enable/support under Cipher element. Just ensure the ciphers that you want to disable (unsupported) are not listed under Cipher element.
Thanks,
Amar
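An added example (not part of the answer above and not Apigee tooling): a Python check that reads a virtual host definition shaped like the one in the answer and reports every listed cipher that conflicts with the disable/enable lists in the question. The sample XML, the regex rules and the function name `audit_vhost` are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the virtual host above; the 3DES and MD5
# entries are added here so the check has something to flag.
SAMPLE_VHOST = """
<VirtualHost name="https_vhost">
  <SSLInfo>
    <Ciphers>
      <Cipher>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</Cipher>
      <Cipher>TLS_RSA_WITH_AES_128_CBC_SHA256</Cipher>
      <Cipher>TLS_RSA_WITH_3DES_EDE_CBC_SHA</Cipher>
      <Cipher>SSL_RSA_WITH_RC4_128_MD5</Cipher>
    </Ciphers>
    <Enabled>true</Enabled>
  </SSLInfo>
</VirtualHost>
"""

# Rules taken from the question: disable MD5, 3DES, SHA-1; enable AES128/AES256 with SHA-2.
DISABLED = {
    "MD5": re.compile(r"_MD5$"),
    "3DES": re.compile(r"_3DES_"),
    "SHA-1": re.compile(r"_SHA$"),  # suite names ending in plain _SHA use a SHA-1 MAC
}
ENABLED = re.compile(r"_AES_(128|256)_.*_SHA(256|384)$")

def audit_vhost(xml_text):
    """Return {cipher: [reasons]} for every listed cipher that breaks the policy."""
    root = ET.fromstring(xml_text)
    ciphers = [c.text.strip() for c in root.findall("./SSLInfo/Ciphers/Cipher") if c.text]
    findings = {}
    if not ciphers:
        # Nothing is listed under Ciphers, so this file restricts nothing.
        findings["<no Cipher elements>"] = ["no allow-list configured"]
    for name in ciphers:
        reasons = [label for label, rx in DISABLED.items() if rx.search(name)]
        if not reasons and not ENABLED.search(name):
            reasons.append("not AES128/AES256 with SHA-2")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for cipher, reasons in audit_vhost(SAMPLE_VHOST).items():
        print(f"{cipher}: {', '.join(reasons)}")
```

Run it against each virtual host definition before applying the change; an empty result means every listed cipher satisfies the policy from the question.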
Thank you so much @AMAR DEVEGOWDA
@AMAR DEVEGOWDA does this require RMP restart?