Forum

Ciphers Option

Nitsua
26 May 2013, 20:46
It would be a nice option to be able to choose cipher suites for SSL in the config

In our environment we have IPS devices that do decryption but they only support RSA. Additionally, we also have web servers that have to meet FIPS compliance.

Hiawatha version: 9.1
Operating System: Ubuntu 13.04
Hugo Leisink
26 May 2013, 21:15
The cipher suite that Hiawatha uses is secure, so there is no need to change it. But, if you really want to change them, take a look at src/ssl.c, starting at line 48. Be careful when changing those. Make sure you know what you are doing. Specially for TLS 1.1 (see line 363).
Nitsua
27 May 2013, 14:31
Yes, thank you. I've read the several posts on about the chosen cipher suites, and I do recognize they are secure any why they are chosen. Generally speaking, they are what I'd choose. However, there are some specific reasons why environments may want to only deploy a restricted cipher suite, thus my request. Editing the source is fine for me, but may not be for everyone. :-)

Thanks again for all your efforts and contributions to the community!
This topic has been closed.