SSLCipherSuite
The available ciphers to use to negotiate SSL connections. You can use this parameter to set an explicit list of ciphers to allow, or to disallow specific ciphers.
The parameter uses the OpenSSL cipher string format. For details of this format, see the documentation for OpenSSL (TLS 1.2 and earlier and TLS 1.3) or apache mod_ssl.
There is no default value for this parameter, which means that Records365 Connector uses the default cipher list.
If you set SSLCipherSuite
, but do not specify any valid ciphers for your SSLMethod, Records365 Connector does not start. For example, Records365 Connector does not start if you set SSLMethod to TLS1.3
, but SSLCipherSuite
contains only ciphers for TLS 1.2 or earlier. However, if SSLCipherSuite
includes both types of cipher, Records365 Connector ignores the ciphers that are not relevant to the SSLMethod.
NOTE: When SSLMethod is set to Negotiate
, you can set SSLCipherSuite
to use ciphers for only TLS 1.3 or for only TLS 1.2 or earlier. In this case, when Records365 Connector negotiates a SSL/TLS version that has configured ciphers, it uses only the allowed ciphers. However, when it negotiates a SSL/TLS version that has no configured ciphers, it uses the default cipher list.
Type: | String |
Default: | None |
Required: | No |
Configuration Section: | SSLOptionN |
Example: | SSLCipherSuite=DEFAULT:!RC4
|
See Also: | SSLConfig |