SSLCipherSuite

The available ciphers to use to negotiate SSL connections. You can use this parameter to set an explicit list of ciphers to allow, or to disallow specific ciphers.

The parameter uses the OpenSSL cipher string format. For details of this format, see the documentation for OpenSSL (TLS 1.2 and earlier and TLS 1.3) or apache mod_ssl.

There is no default value for this parameter, which means that Google Mail Connector uses the default cipher list.

If you set SSLCipherSuite, but do not specify any valid ciphers for your SSLMethod, Google Mail Connector does not start. For example, Google Mail Connector does not start if you set SSLMethod to TLS1.3, but SSLCipherSuite contains only ciphers for TLS 1.2 or earlier. However, if SSLCipherSuite includes both types of cipher, Google Mail Connector ignores the ciphers that are not relevant to the SSLMethod.

NOTE: When SSLMethod is set to Negotiate, you can set SSLCipherSuite to use ciphers for only TLS 1.3 or for only TLS 1.2 or earlier. In this case, when Google Mail Connector negotiates a SSL/TLS version that has configured ciphers, it uses only the allowed ciphers. However, when it negotiates a SSL/TLS version that has no configured ciphers, it uses the default cipher list.

Type: String
Default: None
Required: No
Configuration Section: SSLOptionN
Example: SSLCipherSuite=DEFAULT:!RC4
See Also: SSLConfig