01-30-2014 08:14 AM
I'm wanting to know if it's possible to change the list of accepted SSL ciphers and the priority of them on a per virtual-server basis. I'm guessing this isn't possible at the moment, but could it be added as a feature request?
01-31-2014 01:03 PM
I don't see a way to customize the SSL cipher priority unfortunately. The only options that may affect that are to enable FIPS Mode if you're running Stingray 9.5 or later (System -> Global Settings -> FIPS 140-2 Configuration) or to configure ssl_prefer_sslv3 in the Virtual Server SSL Decryption config.
A good way to submit a feature request is to click on the 'Create an idea' button and tell us why you want this feature.
04-18-2014 01:08 AM
Good news: This has been added in release 9.6. To quote the release notes:
Virtual Server & Pool Specific SSL/TLS Options
Configuration keys have been added to Pool and Virtual Server objects,
allowing the listing of the allowed SSL/TLS cipher suites in order of
preference and the specification of permitted SSL/TLS versions. By default the
globally configured settings are used. The new keys allow the behavior to be
overridden for individual Virtual Servers and Pools. The names of the new keys
They can be configured from the 'SSL Encryption' and 'SSL Decryption' sections
of the Administration UI for each Pool and Virtual Server, respectively, and
via the SOAP or REST APIs.