Specifying TLS/SSL Minimum Allowed Version and Ciphers
Depending on your cluster configuration and the security practices in your organization, you might need to restrict the allowed versions of TLS/SSL used by Key Trustee Server. Older TLS/SSL versions might have vulnerabilities or lack certain features.
Specify one of the following values using the Minimum TLS Support configuration setting:
- tlsv1: Allow any TLS version of 1.0 or higher. This setting is the default when TLS/SSL is enabled.
- tlsv1.1: Allow any TLS version of 1.1 or higher.
- tlsv1.2: Allow any TLS version of 1.2 or higher.
AES256:CAMELLIA256-SHA
By default, the cipher list is empty, and Key Trustee Server uses the default cipher list for the underlying platform. See the output of man ciphers for the full set of keywords and notation allowed in the argument string.
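The following is an added example, not code from Key Trustee Server or its vendor: it previews which cipher suites a given pair of settings would leave open to TLS 1.0/1.1 clients, by expanding the cipher string with the local OpenSSL build through Python's ssl module. The function names are hypothetical, and it assumes the host's platform library is OpenSSL and that an empty cipher list corresponds to OpenSSL's DEFAULT keyword.

```python
import ssl

# Values of the Minimum TLS Support setting, as listed above.
MIN_TLS_VALUES = ("tlsv1", "tlsv1.1", "tlsv1.2")


def expand(cipher_list=""):
    """Expand a cipher string the way the local OpenSSL build does.

    An empty list stands for the platform default, approximated here with
    OpenSSL's DEFAULT keyword (an assumption about the platform).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Raises ssl.SSLError when the string matches no cipher at all.
    ctx.set_ciphers(cipher_list or "DEFAULT")
    return ctx.get_ciphers()


def legacy_exposure(min_tls, cipher_list=""):
    """Return the cipher suites a TLS 1.0/1.1 client could still negotiate."""
    if min_tls not in MIN_TLS_VALUES:
        raise ValueError(f"unknown Minimum TLS Support value: {min_tls!r}")
    if min_tls == "tlsv1.2":
        return []  # no pre-1.2 handshake is accepted at all
    # OpenSSL reports the protocol version that introduced each suite; suites
    # introduced in TLS 1.2 or 1.3 cannot be used by older clients.
    return sorted(
        c["name"]
        for c in expand(cipher_list)
        if c["protocol"] not in ("TLSv1.2", "TLSv1.3")
    )


if __name__ == "__main__":
    for floor in MIN_TLS_VALUES:
        suites = legacy_exposure(floor, "AES256:CAMELLIA256-SHA")
        print(f"{floor:8} -> {len(suites)} suites open to pre-1.2 clients")
        for name in suites:
            print(f"           {name}")
```

With OpenSSL 1.1.1 or later, the cipher string does not govern TLS 1.3 suites, so those appear in the expansion regardless of the list supplied.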