vADC Forum

Reply
Occasional Contributor
Posts: 9
Registered: ‎04-26-2013

Changing priority of SSL ciphers on a per virtual-server basis

I'm wanting to know if it's possible to change the list of accepted SSL ciphers and the priority of them on a per virtual-server basis. I'm guessing this isn't possible at the moment, but could it be added as a feature request?

Cheers,

Andrew

Contributor
Posts: 82
Registered: ‎11-29-2012

Re: Changing priority of SSL ciphers on a per virtual-server basis

Hi Andrew,

I don't see a way to customize the SSL cipher priority unfortunately.  The only options that may affect that are to enable FIPS Mode if you're running Stingray 9.5 or later (System -> Global Settings -> FIPS 140-2 Configuration) or to configure ssl_prefer_sslv3 in the Virtual Server SSL Decryption config.

A good way to submit a feature request is to click on the 'Create an idea' button and tell us why you want this feature.

Faisal

Occasional Contributor
Posts: 55
Registered: ‎06-28-2012

Re: Changing priority of SSL ciphers on a per virtual-server basis

Good news: This has been added in release 9.6.  To quote the release notes:

Virtual Server & Pool Specific SSL/TLS Options

  Configuration keys have been added to Pool and Virtual Server objects,
  allowing the listing of the allowed SSL/TLS cipher suites in order of
  preference and the specification of permitted SSL/TLS versions. By default the
  globally configured settings are used. The new keys allow the behavior to be
  overridden for individual Virtual Servers and Pools. The names of the new keys
  are
    - 'ssl_ciphers'
    - 'ssl_support_ssl2'
    - 'ssl_support_ssl3'
    - 'ssl_support_tls1'
    - 'ssl_support_tls1_1'
  They can be configured from the 'SSL Encryption' and 'SSL Decryption' sections
  of the Administration UI for each Pool and Virtual Server, respectively, and
  via the SOAP or REST APIs.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.