You can select a preferred level of encryption for TLS connections by choosing a cipher strength.
| Cipher strength | Description |
|---|---|
| High |
Uses a list of high grade ciphers with key-length larger than 128 bits, and some cipher suites with 128-bit keys. Some clients connecting through TLS might stop working when this cipher strength is used. If you experience problems with this option, use Medium. |
| Medium |
Uses a list of ciphers with 128-bit encryption. This is the default option. |
| Any |
Uses a cipher string that includes all ciphers but excludes those cipher suites that offer no authentication or are export-grade ciphers, which are typically weak. If you have an older TLS client, you may need to use this option instead of Medium. |
| Custom (Experts only) |
Enables you to enter a Custom cipher set manually. The cipher string is not validated. We recommend that you only enter a Custom cipher set if you are familiar with correctly-formed cipher strings. For example, AES128-SHA256. Multiple cipher strings can be added - they should be comma-separated. |
To choose a TLS cipher strength:
- Click System > Encryption > TLS Configuration.
- Select the Settings tab.
- In the Minimum cipher strength panel, click Click here to change these settings.
-
Select a cipher strength.
For more information and examples of cipher sets and cipher suite names used for each strength level, please refer to the Open SSL Cryptography and SSL/TLS Toolkit: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html - Click Save.
- Apply the new configuration.