SSL accepted versions and cipher strength in Parallels Remote Application Server

0 users found this article helpful

Information

Parallels Remote Application Server provides ability to enforce and use specific versions of SSL, as well as allowing custom configuration of cipher strength.

This article explains how to configure the cipher strength when a Gateway SSL or Direct SSL connection from a Remote Application Server Client is established against a Secure Client Gateway.

The configuration is available in Secure Gateway Properties and may be found under the SSL/TLS tab:

The following accepted SSL versions are available:

These options allow an administrator to choose the preferred version and protect against vulnerabilities discovered in older versions of SSL.

In addition, it is possible to configure cipher strength. All the available options are based on OpenSSL standards, documented here.

As mentioned in the OpenSSL documentation, the cipher strength options provided within the Remote Application Server are as follows:

An additional configurable part is inputting a custom cipher string:


A cipher string can be constructed by linking different cipher parameters from the list available here.

For example, the following cipher: !SSLv2:ALL:!DH:!ADH:!EDH:!MD5:!EXPORT:@SPEED has the following parameters defined:

Documentation on ciphers and their possible configurations is available here:

https://www.openssl.org/docs/apps/ciphers.html

Detailed information about Cipher Suites is available in this article.

It is possible to check the current cipher strength for all gateways quickly in the Information pane > Site Information tab:

Was this article helpful?

Tell us how we can improve it.