Information
In case you need to disable a particular SSL cipher, it can be done by adjusting it in RAS Console > Farm > Gateways > right-click on a Gateway > Properties > SSL/TLS > Cipher Strength.
For example, you want to use Medium Cipher Strength, excluding the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher.
Here how it's done:
-
Copy the Medium Cipher string:
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
- Add the following after !EXP: - !DES-CBC3-SHA:
-
End result should be like that:
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!DES-CBC3-SHA:RC4+RSA:+HIGH:+MEDIUM
In general, you should get the OpenSSL name of the cipher suite, and insert it into a string with an "!" before the name. OpenSSL name list for cipher suites is available here.
Was this article helpful?
Tell us how we can improve it.