sslconfig - Changing the cipher

Unanswered Question
Jul 10th, 2008
User Badges:

Has anyone changed sslconfig Inbound/Outbound ciphers from the default (RC4-SHA:RC4-MD5:ALL) to something else? (NOTE: We are looking to adding DHE-RSA-AES-256-SHA as our number 1 choice.) Was there any added overhead when you made this change? If so how much?

Lastly, we have Preferred TLS set as the default connection type.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kluu_ironport Fri, 07/11/2008 - 01:15
User Badges:

This kb article may give some insight on how to best order your ciphers, but it appears that you want a balance between the most commonly implemented ciphers in the industry and speed/security.

How to configure which protocols and ciphers to select on an Email Security Appliance (ESA)

http://tinyurl.com/2z4bpx


Has anyone changed sslconfig Inbound/Outbound ciphers from the default (RC4-SHA:RC4-MD5:ALL) to something else?  (NOTE: We are looking to adding DHE-RSA-AES-256-SHA as our number 1 choice.)  Was there any added overhead when you made this change? If so how much?

Lastly, we have Preferred TLS set as the default connection type.

Actions

This Discussion