The Appliance has been configured to deny administration from your location (54.221.136.62). SSL Client Ciphers
Logo

Search Appliance


 

Thunderstone Search Appliance Manual

<<Previous: SSL Client Protocols ↑Up: Advanced Walk Settings Next>>: SSL Use SNI

SSL Client Ciphers

 

Which SSL ciphers to allow for client HTTPS/SSL connections when walking or performing results authorization, i.e. for connections from the Search Appliance to remote https:// URLs. The default (if empty) is the OpenSSL default list for the current OpenSSL client (Texis) library. Some SSL ciphers may be known to be vulnerable, and administrators may wish to disable them via this setting.

Modifying - specifically, shortening - the cipher list is also a way to connect to long-handshake-intolerant HTTPS servers. These servers cannot handle an SSL ClientHello message longer than 255 bytes, and time out when receiving one (e.g. with Timeout completing SSL handshake ... errors). The default OpenSSL cipher list may cause the ClientHello message to exceed 255 bytes, triggering this intolerance in such servers. By setting a shorter cipher list, the ClientHello message can be shortened and the connection established. Disabling SNI via SSL Use SNI (here) is another way to shorten the ClientHello message.

Note: To change the server-side SSL ciphers accepted by the Search Appliance - e.g. for admin, search, Dataload etc. - see HTTPS/SSL Ciphers under System Wide Settings.


Copyright © Thunderstone Software     Last updated: May 9 2017

<<Previous: SSL Client Protocols ↑Up: Advanced Walk Settings Next>>: SSL Use SNI

Page generated in 0.17 seconds.
2017-12-15 16:31:01 EST