When a TLS or SSL connection is established, the client and server negotiate a cipher suite, exchanging cipher suite codes in the client hello and server hello messages. The cipher suite specifies a combination of cryptographic algorithms to be used for the connection.
By default, a strong cipher suite is set in ConfigSSL.cnf, as follows:
[SSL_METHOD] INITIATE_SIDE = v3 RECEIVE_SIDE = v3 # Optional [CIPHER] INITIATE_SIDE = ALL:!ADH:!LOW:!EXP:MD5:@STRENGTH RECEIVE_SIDE = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
You can use various other suites, depending on whether you are using TLSv1 or SSLv3.
For more information about using cipher suites, see the CA XCOM Data Transport for UNIX and Linux User Guide.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|