|
|||||
|
|
||||
You can select your SSL Security Level, per domain, in the Domain Administration section of SiteWinder.
The following levels are supported:
All domains have been set to the Medium level by default, eliminating any Export-level ciphers and of course SSLv2.
For internal systems which do not require access by the public, you can now easily switch to the strongest level of encryption available. All new browsers, iPad, iPhone and Android devices already work with our High-Encryption level, but for public-facing systems, Internet Explorer 6 is still used by 2-3% of the general internet so we recommend Medium level for now.
For the absolute highest SSL security, we have two additional levels of security available on Tomcat 7 / JDK 1.7 JVMs, but Tomcat does not currently support them so they are disabled for now. With a specially rebuilt version of Tomcat we have achieved a score of 98 at SSL Labs (currently the highest in the world) and can offer that version on demand (contact Metawerx Support). A score of 100 is also theoretically possible with this modified version, but SSL Labs currently cannot test a TLS 1.2-only server so a score of 98 is the maximum currently achievable.
Please note that this new option is only relevant for Metawerx-Managed Tomcat JVM customers. If you have a Semi-Managed or Self-Managed JVM, you will need to manually edit server.xml to alter the SSL security level. Please contact Metawerx Support in this case and we will help you to modify your JVM.
You can test your current SSL setup at SSL Labs
