Enable Web Application Firewall support to specify cipher strengths it can accept, either on a cipher-by-cipher basis or by weak/med/strong category.
Martin B commented
Nowadays it should be normal that you can set the ciphers used. The same goes for ciphers used by SMTP over TLS.
Adam Wilson commented
In this day and age, where SSL ciphers are being frequently broken, SysAdmins need the ability to respond to threats by tuning their supported ciphers instead of waiting for Sophos to do it "Real Soon Now". The default RC4 cipher is exploitable today, and we have no way to make it the non-default cipher for TLS1.2, which supports the strongly secure AES128GCM cipher.
I work with an MSP company and this is a feature that we require for our customers.
Would love that feature, since NSA more than ever. RC4 becomes exploitable in the distant future.
This is probably needed for PCI compliance, unless the weak ciphers have already been disabled.
It would still make future PCI changes easier to deal with (e.g. when BEAST was discovered, etc.)