To configure a listener to force the use of a cipher suite list:
- Open the Enterprise Server Administration page.
- Click
Edit next to the region you want to configure a listener for.
- Click the
Listeners tab.
- Click
Edit on the row containing the listener you want to configure.
- In the
Endpoint options group, check
Secure Sockets Layer.
- In the
Certificate field, type the full path to the certificate.
- In the
Keyfile field, type the full path to the keyfile.
- Click
Options.
This opens the SSL Options page.
- By default, the
TLS honor server cipher list is checked. This forces clients to use the protocols and cipher suites specified in order of their priority.
Note: If the
TLS protocols and
Cipher suites list are not specified then it uses the default. See
Configuring a TLS Protocols List
and
Configuring a Cipher Suites List
for more information.
- In the
TLS protocols field, type the list of protocols in order of priority, for example:
-ALL+SSL3+TLS1
- In the
Cipher suites field, type the list of cipher suites in order of priority, for example:
HIGH:!SSLv2:!RC4:!aNULL@STRENGTH
- Click
OK.
See
SSL Options for more information on configuration options.