SSL Protocol and Cipher Configuration Guide for SafeLine
SafeLine allows you to configure SSL protocols and encryption settings for your web applications. Below are the steps for setting up SSL certificates, adjusting SSL protocol versions, and customizing SSL cipher suites.
SSL Certificate Configuration
If your site requires HTTPS access, you can enable SSL by uploading an SSL certificate when configuring the corresponding port.
SSL Protocol Version Configuration
SafeLine supports several SSL and TLS protocol versions. You can modify the SSL version in the SSL Protocol section, choosing from:TLSv1
TLSv1.1
TLSv1.2
TLSv1.3
SSLv2
SSLv3
SSL Cipher Configuration
In some cases, specific SSL encryption algorithms may need to be adjusted due to security concerns or vulnerabilities. SafeLine allows for custom SSL cipher suites. Here are some commonly used SSL cipher combinations:
-
Nginx Official Example:
AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5
-
Cloudflare Recommended:
[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES
-
Mozilla Modern (TLS 1.3):
TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
-
Mozilla Intermediate (TLS 1.2):
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
-
Mozilla Old Backward Compatibility (TLS 1.0 - 1.2):
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
-
Cipherli Recommendation:
EECDH+AESGCM:EDH+AESGCM
-
High-Strength Cipher Suite:
HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4:!RSA
By customizing these configurations, you can ensure a secure and optimized SSL setup tailored to your application’s requirements.
Top comments (0)