Encryption processes that are not purported by octoplant

The encryption is carried out using open SSL. OpenSSL is a free available implementation of the encryption protocols SSL and TLS based on Open Source Software. The OpenSSL Library utilises various tools and is written in C programming language. It is widespread on web servers.

The following SSL Ciphers in octoplant are deactivated by default:

• EDH-RSA-DES-CBC-SHA
• DES-CBC-SHA
• Certificates based on RC4
• SEED
• IDEA
• Key size smaller than 128 Bit

AUVESY recommends to leave this default as unchanged and possibly to expand as unsafe unclassified SSL Ciphers when appropriate. SSL Ciphers mentioned in this section can however be reactivated. (Not recommended), refer to FAQ.

How do I activate and deactivate SSL Ciphers in the Web Server?

SSL Ciphers can be deactivated and activated in the Web Server’s configuration file. The file is located on the octoplant server in the path...vdServerArchiveVD$AwebServerConfig.ini. In this section httpd, you will find the parameterssl_cipherlist.

```[httpd ]```
...
```ssl_cipherlist=default: !EDH-RSA-DES-CBC-SHA: !DES-CBC-SHA: !RC4: !SEED: !IDE A```
...

In this example, all  SSL Ciphers are allowed (default), except for EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, every type of RC4 Cipher, SEED and IDEA. All banned SSL Ciphers have to be entered in this row via the Syntax!<Name>and separated using a double colon. A complete list of all available Ciphers can be found on the following link: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html.