DEV Community

Lulu
Lulu

Posted on

How to Set Up SSL Protocols and Cipher Suites with SafeLine WAF

SSL Protocol and Cipher Configuration Guide for SafeLine

SafeLine allows you to configure SSL protocols and encryption settings for your web applications. Below are the steps for setting up SSL certificates, adjusting SSL protocol versions, and customizing SSL cipher suites.

SSL Certificate Configuration

If your site requires HTTPS access, you can enable SSL by uploading an SSL certificate when configuring the corresponding port.
Image description

SSL Protocol Version Configuration

SafeLine supports several SSL and TLS protocol versions. You can modify the SSL version in the SSL Protocol section, choosing from:TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 SSLv2 SSLv3

Image description

SSL Cipher Configuration

In some cases, specific SSL encryption algorithms may need to be adjusted due to security concerns or vulnerabilities. SafeLine allows for custom SSL cipher suites. Here are some commonly used SSL cipher combinations:

  • Nginx Official Example: AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5
  • Cloudflare Recommended: [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES
  • Mozilla Modern (TLS 1.3): TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
  • Mozilla Intermediate (TLS 1.2): ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
  • Mozilla Old Backward Compatibility (TLS 1.0 - 1.2): ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
  • Cipherli Recommendation: EECDH+AESGCM:EDH+AESGCM
  • High-Strength Cipher Suite: HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4:!RSA

By customizing these configurations, you can ensure a secure and optimized SSL setup tailored to your application’s requirements.

Top comments (0)