Configuring Cipher Suites
The Cipher Suites HTTPS cluster parameter lists the supported encryption algorithms for incoming
HTTPS requests. If a client request comes into Equalizer that does not use a cipher in this list, the
connection is refused. If this field is blank, then any cipher suite supported by Equalizer’s SSL
implementation (or by Hardware SSL Acceleration, when enabled) will be accepted.
To view or set the Cipher Suites field for a cluster, click on the cluster name in the left navigational
pane, select the HTTPS cluster, and then select the Security > SSL tab in the right pane.
Default Cipher Suites
The following default cipher suite setting is used:
AES128-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA
For an Equalizer with hardware acceleration enabled, the following default value is used:
DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA
See "Replacing the Default Certificate, Key, and Cipherspec" on page 61 for a description of
replacing the default cipher suite.
Updating the Cipher Suites Field
This field can be used to specify a custom cipher suite required by the servers in a cluster. In
general, to add a cipher suite, you specify a plus sign (+) and then the name of the suite. To
specifically exclude a cipher suite, use an exclamation point (!).
For example, SSLv2 encryption is supported by default. If your servers are required to support
medium and high encryption using SSLv3 only, you can add “!SSLv2” to the cipher suite string. For
example, the following cipher suite string will cause all non-SSLv3 client requests to be refused:
AES128-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA:!SSLv2:+SSLv3
The Cipher Suites field requires a string in the format described in the OpenSSL cipher suite
documentation, at:
http://www.openssl.org/docs/apps/ciphers.html
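An offline check of a Cipher Suites value, added here as an example and not taken from the Equalizer guide or from Coyote Point: it applies the !, - and + operators as the OpenSSL ciphers documentation defines them to the literal suite names in the string, then reports weak entries, a blank field, and a missing !SSLv2. The WEAK table, the function names and the simplified tag matching are assumptions of this example.

```python
import re

# Assumption of this example, not stated in the guide: algorithms to flag.
WEAK = {
    "RC4": "RC4 stream cipher, prohibited for TLS by RFC 7465",
    "MD5": "MD5-based MAC",
    "DES-CBC3": "3DES, 64-bit block size",
}

def matches(tag, suite):
    """Simplified match: exact suite name, or one '-'-separated component."""
    return tag == suite or tag in suite.split("-")

def evaluate(cipher_string):
    """Return (enabled suites in preference order, permanently excluded names).

    Plain tokens are treated as literal suite names; protocol tags such as
    SSLv2 are only recorded when excluded, not expanded to suites.
    """
    enabled, banned = [], set()
    for tok in re.split(r"[:, ]+", cipher_string.strip()):
        if not tok:
            continue
        op = tok[0] if tok[0] in "!-+" else ""
        name = tok[len(op):]
        hits = [s for s in enabled if matches(name, s)]
        if op == "":
            if name not in enabled and not any(matches(b, name) for b in banned):
                enabled.append(name)
        elif op == "+":  # OpenSSL: move matching suites to the end of the list
            enabled = [s for s in enabled if s not in hits] + hits
        else:            # '-' removes; '!' removes and forbids re-adding
            enabled = [s for s in enabled if s not in hits]
            if op == "!":
                banned.add(name)
    return enabled, banned

def audit(cipher_string):
    """List findings for one Cipher Suites field value."""
    enabled, banned = evaluate(cipher_string)
    if not enabled and not banned:
        return ["blank field: any suite the SSL implementation supports is accepted"]
    findings = [f"{s}: {why}" for s in enabled
                for weak, why in WEAK.items() if weak in s]
    if "SSLv2" not in banned:
        findings.append("SSLv2 suites not excluded (no !SSLv2 in the string)")
    return findings

if __name__ == "__main__":
    # Value taken from the guide's example above.
    for line in audit("AES128-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA:!SSLv2:+SSLv3"):
        print(line)
```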
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
811
Equalizer Administration Guide