- Issue command "OPENSSL CIPHERS" from your XCOM directory to list available ciphers.
For example, if the first line of the output of the command shows, DHE-RSA-AES256-SHA
The third field will show the cipher that is being used for data encryption (in this example it is AES256).
- In the XCOM configssl.cnf file there are the following parameters:
INITIATE_SIDE = ALL:!ADH:!LOW:!EXP:MD5:@STRENGTH
RECEIVE_SIDE = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
Meaning of values:
ALL = use all ciphers provided
!ADH: !LOW:!EXP = do not use these ciphers. (The '!' is equivalent to a NOT.
MD5 = indicates use this cipher
@STRENGTH = indicates use the strongest cipher of all other ciphers not excluded
3. You may choose a cipher by editing the CIPHER section in the configssl to one of the following values:
- specifying the specific cipher as a value. e.g.: INITIATE_SIDE=3DES
- not specifying the specific cipher as a value. e.g.: