SSLCIPH (JANUS DEFINE parameter): Difference between revisions
m (moved SSLCIPH to SSLCIPH (JANUS DEFINE parameter)) |
mNo edit summary |
||
Line 2: | Line 2: | ||
<span class="pageSubtitle"><section begin="desc" />SSLCIPH xxx -- limit SSL ciphers offered by this port<section end="desc" /></span> | <span class="pageSubtitle"><section begin="desc" />SSLCIPH xxx -- limit SSL ciphers offered by this port<section end="desc" /></span> | ||
SSLCIPH is a parameter on [[JANUS DEFINE]], which defines and sets characteristics of a Janus port. See the [[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]]. | <var>SSLCIPH</var> is a parameter on [[JANUS DEFINE]], which defines and sets characteristics of a Janus port. See the [[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]]. | ||
This parameter lets you limit the stream ciphers (encryption algorithms) that this port offers for SSL connections. A Janus port whose definition includes an [[SSL]] parameter supports | This parameter lets you limit the stream ciphers (encryption algorithms) that this port offers for SSL connections. A Janus port whose definition includes an <var>[[SSL (JANUS DEFINE parameter)|SSL]]</var> parameter supports <var class="product">[http://sirius-software.com/maint/download/jansslr.pdf Janus Network Security]</var> SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encrypted connections. | ||
Typically, SSLCIPH is allowed to default to 0: all the Janus-supported ciphers are available, and the cipher that is ultimately used depends on the outcome of the handshake negotiation with the client that seeks the service at this port. The negotiation selects the strongest available cipher that the client can support. | Typically, <var>SSLCIPH</var> is allowed to default to 0: all the Janus-supported ciphers are available, and the cipher that is ultimately used depends on the outcome of the handshake negotiation with the client that seeks the service at this port. The negotiation selects the strongest available cipher that the client can support. | ||
However, to make only a subset of the server ciphers available, you can specify SSLCIPH followed by the (bitmask) value that selects the subset. For example, SSLCIPH 2 indicates that only strong RC4 encryption is available. | However, to make only a subset of the server ciphers available, you can specify <var>SSLCIPH</var> followed by the (bitmask) value that selects the subset. For example, <code>SSLCIPH 2</code> indicates that only strong RC4 encryption is available. | ||
Currently, these ciphers are supported: | Currently, these ciphers are supported: | ||
Line 19: | Line 19: | ||
</td></tr></table> | </td></tr></table> | ||
SSLCIPH is valid for SRVSOCK, WEBSERV, OPENSERV and SDS port types. | <var>SSLCIPH</var> is valid for SRVSOCK, WEBSERV, OPENSERV and SDS port types. | ||
== | ==See also== | ||
<ul> | |||
<li>[[List of Janus commands]] | |||
<li>[[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]] | |||
</ul> | |||
[[Category:JANUS DEFINE parameters|SSLCIPH]] | [[Category:JANUS DEFINE parameters|SSLCIPH]] |
Revision as of 01:03, 28 February 2012
<section begin="desc" />SSLCIPH xxx -- limit SSL ciphers offered by this port<section end="desc" />
SSLCIPH is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port. See the List of JANUS DEFINE parameters.
This parameter lets you limit the stream ciphers (encryption algorithms) that this port offers for SSL connections. A Janus port whose definition includes an SSL parameter supports Janus Network Security SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encrypted connections.
Typically, SSLCIPH is allowed to default to 0: all the Janus-supported ciphers are available, and the cipher that is ultimately used depends on the outcome of the handshake negotiation with the client that seeks the service at this port. The negotiation selects the strongest available cipher that the client can support.
However, to make only a subset of the server ciphers available, you can specify SSLCIPH followed by the (bitmask) value that selects the subset. For example, SSLCIPH 2
indicates that only strong RC4 encryption is available.
Currently, these ciphers are supported:
1 | RC4 bulk cipher with MD5 digest algorithm with 40 bits of the 128 bit RC4 key transmitted encrypted, the rest transmitted "in the clear" (unencrypted). This is considered a moderately strong encryption algorithm and is available on virtually every client implementation of SSL. |
---|---|
2 | RC4 bulk cipher with MD5 digest algorithm with all 128 bits of the RC4 key transmitted encrypted. This is considered a very strong encryption algorithm but is only available on clients that have been specially configured to support this cipher. This encryption level is not available for export from the United States. |
SSLCIPH is valid for SRVSOCK, WEBSERV, OPENSERV and SDS port types.