Forum Discussion
11 Replies
- Chris_Miller
Altostratus
Lowest I see through the "New SSL Certificate" section of the Config Utility is 512. You're talking about terminating SSL connections, right?
- jco_105989
Nimbostratus
Right,
- JRahm
Admin
Certificate key length supports 512-4096. Default ciphers in 10.2 no longer include MD5 hash:
- jco_105989
Nimbostratus
Thanks for the reply.
- L4L7_53191
Nimbostratus
Jco: that's the public key length, which is a different thing. The ciphers come into play after the negotiation takes place. The 256 encryption you're using is used for the encryption of the data - the handshake is used to negotiate the encryption cipher and length, which is where your 256 bits comes into play.
- JRahm
Admin
Did you generate your key on the LTM? If so, you just need to import the certificate you purchased under Local Traffic->SSL Certificate List -> Import. If not, then you'll need to import both key & certificate (same location). Once that is in place, you'll need to create a clientssl profile that references your certificate. You can specify the cipher to be only AES256-SHA in the ssl profile ciphers section, but it's atypical to limit clients to just one; you might prevent some clients from connecting. Of course, if it's a security requirement for that particular application, then the clients will be knowledgeable on this I suppose, or at least the administrators of those clients will be.
- jco_105989
Nimbostratus
What does it mean when I set the cipher value to DEFAULT?
- hooleylist
Cirrostratus
You can use tmm --clientciphers 'CIPHER_STRING' to see what ciphers will be included for a given cipher string. Here are a few related posts:
- JRahm
Admin
Part 4 of the SSL Profiles series I'm writing summarizes a lot of this excellent information I've gleaned from the forums:
- nitass
Employee
I usually set ciphers according to sol7815, which blocks anonymous ciphers and connections using 128-bit ciphers or less.
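
The cipher-string expansion and the "no anonymous, nothing at 128 bits or less" filter discussed in this thread, as an added example that is not part of any post. It uses Python's ssl module (OpenSSL) instead of tmm, so the suites it lists can differ from what a BIG-IP returns for the same string; the function names and the min_bits parameter are assumptions of this example.

```python
import ssl


def expand(cipher_string):
    """Return the suites (TLS 1.2 and earlier) that an OpenSSL cipher string enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Raises ssl.SSLError when the string matches no suite at all.
    ctx.set_ciphers(cipher_string)
    # OpenSSL configures TLS 1.3 suites separately and always lists them,
    # so drop them to see only what the cipher string itself selects.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string, min_bits=129):
    """Split the expansion into (accepted, rejected) suite names.

    A suite is rejected when it is anonymous (no server authentication)
    or when its symmetric strength is below min_bits, i.e. 128 bits or less
    with the default value.
    """
    accepted, rejected = [], []
    for c in expand(cipher_string):
        anonymous = c.get("auth") == "auth-null"
        weak = c["strength_bits"] < min_bits
        (rejected if anonymous or weak else accepted).append(c["name"])
    return accepted, rejected


if __name__ == "__main__":
    # Constructed inputs: the DEFAULT keyword, the single suite named in the
    # thread, and a two-suite string mixing 128-bit and 256-bit AES.
    for s in ("DEFAULT", "AES256-SHA", "AES128-SHA:AES256-SHA"):
        ok, bad = audit(s)
        print(f"{s!r}: {len(ok)} accepted, {len(bad)} rejected {bad}")
```
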