Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1391
Views
0
Helpful
1
Replies

sslconfig - Changing the cipher

knelson_ironport
Level 1
Level 1

‎07-10-2008 11:53 PM

Has anyone changed sslconfig Inbound/Outbound ciphers from the default (RC4-SHA:RC4-MD5:ALL) to something else? (NOTE: We are looking to adding DHE-RSA-AES-256-SHA as our number 1 choice.) Was there any added overhead when you made this change? If so how much?

Lastly, we have Preferred TLS set as the default connection type.

Labels:
0 Helpful
1 Reply 1

kluu_ironport
Level 2
Level 2

‎07-11-2008 01:15 AM

This kb article may give some insight on how to best order your ciphers, but it appears that you want a balance between the most commonly implemented ciphers in the industry and speed/security.

How to configure which protocols and ciphers to select on an Email Security Appliance (ESA)

http://tinyurl.com/2z4bpx


Has anyone changed sslconfig Inbound/Outbound ciphers from the default (RC4-SHA:RC4-MD5:ALL) to something else?  (NOTE: We are looking to adding DHE-RSA-AES-256-SHA as our number 1 choice.)  Was there any added overhead when you made this change? If so how much?

Lastly, we have Preferred TLS set as the default connection type.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents