SSL Cipher Selection

You can select your SSL Security Level, per domain, in the Domain Administration section of SiteWinder.

The following levels are supported:

  • Low (40/56+ bit encryption, very old browsers in Export-Restricted countries, not recommended for production systems)
  • Medium (128+ bit encryption, default, Internet Explorer on WinXP support), A score on SSL Labs
  • High (256 bit only encryption, latest browsers only, no Internet Explorer support for WinXP), A score on SSL Labs

All domains are set to Medium by default, eliminating Export-level ciphers and of course SSLv2.

For internal systems which do not require access by the public, you can now easily switch to the strongest level of encryption available. All new browsers, iPad, iPhone and Android devices already work with our High-Encryption level, but for public-facing systems, Internet Explorer 6 is still used by 2-3% of the general internet, and many users use Internet Explorer with WinXP so we recommend Medium level for now.

For the absolute highest SSL security, we have two additional levels for PCI/FIPS support. High-1 works on Chrome and Opera, High-2 will only work with Opera as it requires TLS 1.2. These levels are only useful for systems where you have control over which browsers are used. Please contact us if you would like to activate these levels.

Please note that this new option is only relevant for Metawerx-Managed Tomcat JVM customers. If you have a Semi-Managed or Self-Managed JVM, you will need to manually edit server.xml to alter the SSL ciphers and security level. Please contact Metawerx Support if you need help.

You can test your current SSL setup at SSL Labs

See Also

metawerx specific

referring pages