Encryption processes that are not purported by versiondog
The encryption is carried out using open SSL. OpenSSL is a free available implementation of the encryption protocols SSLÂ and TLS based on Open Source Software. The OpenSSL Library utilises various tools and is written in C programming language. It is widespread on web servers.
The following SSL Ciphers in versiondog are deactivated by default:
- EDH-RSA-DES-CBC-SHA
- DES-CBC-SHA
- Certificates based on RC4
- SEED
- IDEA
- Key size smaller than 128 Bit
AUVESY recommends to leave this default as unchanged and possibly to expand as unsafe unclassified SSL Ciphers when appropriate. SSLÂ Ciphers mentioned in this section can however be reactivated. (Not recommended), refer to FAQ.
How do I activate and deactivate SSLÂ Ciphers in the Web Server?
SSL Ciphers can be deactivated and activated in the Web Server’s configuration file. The file is located on the versiondog server in the path...vdServerArchiveVD$AwebServerConfig.ini
. In this section httpd
, you will find the parameterssl_cipherlist
.
```[httpd ]```
...
```ssl_cipherlist=default: !EDH-RSA-DES-CBC-SHA: !DES-CBC-SHA: !RC4: !SEED: !IDE A```
...
In this example, all  SSL Ciphers are allowed (default), except for EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, every type of RC4 Cipher, SEED and IDEA. All banned SSL Ciphers have to be entered in this row via the Syntax!<Name>
and separated using a double colon. A complete list of all available Ciphers can be found on the following link: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html.