Configuring a Listener to use TLS Protocols and Cipher Suites

To configure a listener to force the use of a cipher suite list:

  1. Open the Enterprise Server Administration page.
  2. Click Edit next to the region you want to configure a listener for.
  3. Click the Listeners tab.
  4. Click Edit on the row containing the listener you want to configure.
  5. In the Endpoint options group, check Secure Sockets Layer.
  6. In the Certificate field, type the full path to the certificate.
  7. In the Keyfile field, type the full path to the keyfile.
  8. Click Options.

    This opens the SSL Options page.

  9. By default, the TLS honor server cipher list is checked. This forces clients to use the protocols and cipher suites specified in order of their priority.
    Note: If the TLS protocols and Cipher suites list are not specified then it uses the default. The TLS protocols field now supports TLS1.3. See Configuring a TLS Protocols List and Configuring a Cipher Suites List for more information.
  10. In the TLS protocols field, type the list of protocols in order of priority, for example:
    -ALL+SSL3+TLS1
  11. In the Cipher suites field, type the list of cipher suites in order of priority, for example:
    HIGH:!SSLv2:!RC4:!aNULL@STRENGTH
  12. Click OK.

See SSL Options for more information on configuration options.