Difference between version and version      View first change»»

Back to SSLCipherSelection, or SSLCipherSelection version history

At line 10 changed 3 lines.
* Low (40/56+ bit encryption, very old browsers in Export-Restricted countries)
* Medium (128+ bit encryption, default, IE6 support), 85-93 score on [SSL Labs|https://www.ssllabs.com/ssldb/index.html]
* High (256+ bit encryption, latest browsers only, no IE6 support), 89-97 score on [SSL Labs|https://www.ssllabs.com/ssldb/index.html]
* Low (40/56+ bit encryption, very old browsers in Export-Restricted countries, not recommended for production systems)
* Medium (128+ bit encryption, default, Internet Explorer on WinXP support), __A__ score on [SSL Labs|https://www.ssllabs.com/ssldb/index.html]
* High (256 bit only encryption, latest browsers only, no Internet Explorer support for WinXP), __A__ score on [SSL Labs|https://www.ssllabs.com/ssldb/index.html]
At line 14 changed 1 line.
All domains have been set to the Medium level by default, eliminating any Export-level ciphers and of course SSLv2.
All domains are set to Medium by default, eliminating Export-level ciphers and of course SSLv2.
At line 16 changed 1 line.
For internal systems which do not require access by the public, you can now easily switch to the strongest level of encryption available. All new browsers, iPad, iPhone and Android devices already work with our High-Encryption level, but for public-facing systems, Internet Explorer 6 is still used by 2-3% of the general internet so we recommend Medium level for now.
For internal systems which do not require access by the public, you can now easily switch to the strongest level of encryption available. All new browsers, iPad, iPhone and Android devices already work with our High-Encryption level, but for public-facing systems, Internet Explorer 6 is still used by 2-3% of the general internet, and many users use Internet Explorer with WinXP so we recommend Medium level for now.
At line 18 changed 1 line.
For the absolute highest SSL security, we have two additional levels of security available on Tomcat 7 / JDK 1.7 JVMs, but Tomcat does not currently support them so they are disabled for now. With a specially rebuilt version of Tomcat we have achieved a score of 98 at SSL Labs (currently the highest in the world) and can offer that version on demand (contact Metawerx Support). A score of 100 is also theoretically possible with this modified version, but SSL Labs currently cannot test a TLS 1.2-only server so a score of 98 is the maximum currently achievable.
For the absolute highest SSL security, we have two additional levels for PCI/FIPS support. High-1 works on Chrome and Opera, High-2 will only work with Opera as it requires TLS 1.2. These levels are only useful for systems where you have control over which browsers are used. Please contact us if you would like to activate these levels.
At line 20 changed 1 line.
Please note that this new option is only relevant for Metawerx-Managed Tomcat JVM customers. If you have a Semi-Managed or Self-Managed JVM, you will need to manually edit server.xml to alter the SSL security level. Please contact Metawerx Support in this case and we will help you to modify your JVM.
Please note that this new option is only relevant for Metawerx-Managed Tomcat JVM customers. If you have a Semi-Managed or Self-Managed JVM, you will need to manually edit server.xml to alter the SSL ciphers and security level. Please contact Metawerx Support if you need help.
At line 28 added 1 line.
* [Support Topics]
navigation
metawerx specific
search
Share
tools
help

referring pages

Share