New SSL Accepted Versions and Cipher Strength in 2X Remote Application Server v14
Posted by Christopher Flores on 01 April 2015 07:53 AM
v14 of 2X Remote Application Server introduced the ability to enforce specific versions of SSL and to customize the Cipher Strength used. This article covers how to configure the cipher strength used when a 2X Client establishes a Gateway SSL or Direct SSL connection to a 2X Secure Client Gateway.
2X Remote Application Server v14.0+
All configuration is present in the 2X Secure Client Gateway Properties and may be found under the SSL/TLS tab:
In v14, the following Accepted SSL Versions are available:
These options were made available to allow the administrator to choose which version is preferred and to protect against vulnerabilities discovered in older versions of SSL. One such vulnerability was the Heartbleed vulnerability.
One additional inclusion is the ability to configure Cipher Strength. All options available are based on OpenSSL standards as documented here. As per the OpenSSL documentation, the cipher strength options provided within 2X Remote Application Server are as follows:
It is also possible to enter a Custom Cipher String, which allows the Administrator to specify exactly which ciphers are used, as per his requirements, for added security.
To view the configured strength (Low, Medium or High) and to confirm whether a custom Cipher String is in effect, check the Information Pane > Site Information tab, which shows the current configuration:
A Cipher String can be constructed by concatenating different Cipher parameters from the list available here. For example, the following Cipher String: !SSLv2:ALL:!DH:!ADH:!EDH:!MD5:!EXPORT:@SPEED has the following parameters defined:
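The way each parameter in such a string is read can be shown in code. The Python below is an added example, not part of the original article or of the 2X product: it splits a cipher string into its parameters using the prefix rules from the OpenSSL ciphers(1) manual and reports which keywords from a review checklist are not written as permanent exclusions. The function names and the REVIEW_EXCLUDES checklist are assumptions made for this example.

```python
import re

# Prefix semantics from the OpenSSL ciphers(1) manual.
ACTIONS = {
    "!": "exclude permanently",
    "-": "remove (can be re-added later)",
    "+": "move to end of list",
}

# Assumption for this example: keywords a reviewer wants to see behind "!".
# This is a textual check only; it does not expand keywords into suites.
REVIEW_EXCLUDES = ("aNULL", "eNULL", "EXPORT", "LOW", "MD5", "RC4", "SSLv2")


def parse_cipher_string(cipher_string):
    """Split a cipher string into (action, keyword) pairs, in order."""
    rules = []
    # OpenSSL accepts colons, commas and spaces as separators.
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token:
            continue
        if token.startswith("@"):
            # Special keywords such as @STRENGTH are kept as written.
            rules.append(("directive", token))
        elif token[0] in ACTIONS:
            if len(token) == 1:
                raise ValueError("prefix without keyword: %r" % token)
            rules.append((ACTIONS[token[0]], token[1:]))
        else:
            # No prefix: the keyword's ciphers are appended to the list.
            rules.append(("add", token))
    return rules


def missing_exclusions(cipher_string, wanted=REVIEW_EXCLUDES):
    """Return the wanted keywords that are not written as !KEYWORD."""
    excluded = {kw for action, kw in parse_cipher_string(cipher_string)
                if action == ACTIONS["!"]}
    return [kw for kw in wanted if kw not in excluded]


if __name__ == "__main__":
    # The example string from the article.
    example = "!SSLv2:ALL:!DH:!ADH:!EDH:!MD5:!EXPORT:@SPEED"
    for action, keyword in parse_cipher_string(example):
        print("%-32s %s" % (action, keyword))
    print("not written as exclusions:", missing_exclusions(example))
```

A keyword reported as missing is not necessarily enabled, because the check compares text only; the ciphers actually offered still have to be confirmed against the gateway's OpenSSL build.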