For example,
Disable: MD5,3DES,SHA-1 Enable: AES128,AES256,SHA-2
OPDK version 15.07
1 Like
Dear @Akash Prabhashankar,
If SSL terminates at the router, then you need to set the supported ciphers in the Cipher element within the SSLInfo section of the virtual host. For ex:
If the ciphers/algorithms TLS_RSA_WITH_AES_256_CBC_SHA256 and TLS_RSA_WITH_AES_128_CBC_SHA256 are supported, then include them as shown below:
<VirtualHost name="https_vhost”>
<HostAliases>
<HostAlias>www.somehost.com</HostAlias>
</HostAliases>
<Interfaces/>
<Port>someport</Port>
<SSLInfo>
<Ciphers>
<Cipher>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</Cipher>
<Cipher>TLS_RSA_WITH_AES_128_CBC_SHA256</Cipher>
</Ciphers>
<ClientAuthEnabled>false</ClientAuthEnabled>
<Enabled>true</Enabled>
<IgnoreValidationErrors>false</IgnoreValidationErrors>
<KeyAlias>myKeyAlias</KeyAlias>
<KeyStore>myKeyStore</KeyStore>
<Protocols>
<Protocol>TLSv1</Protocol>
<Protocol>TLSv1.1</Protocol>
<Protocol>TLSv1.2</Protocol>
</Protocols>
</SSLInfo>
</VirtualHost>
Note: You can include any other Ciphers that you would like to enable/support under Cipher element. Just ensure the ciphers that you want to disable (unsupported) are not listed under Cipher element.
Thanks,
Amar
Thank you so much @AMAR DEVEGOWDA
@AMAR DEVEGOWDA does this require RMP restart?