In the OPLON LBL application delivery controller, you can enable and disable SSL/TLS protocols and cipher suites either for all listeners or for a single listener.
Below are the parameters for a single listener. When set, the parameters of an individual listener override the general parameters.
Parameter: SSLProtocols = "TLSv1.1 TLSv1.2"
<bind enable="true"
description="Sample HTTPS listener"
listenType="NAT"
address="192.168.56.17 192.168.178.70"
port="443"
SSL="true"
SSLSNI="false"
SSLSNIDefaultCertificateEnable="false"
SSLContextVersion="SSLv3"
SSLUseCipherSuitesOrder="true"
aliasPassword="defaultpwd"
certificateURIPath="serverkeys"
certificateURL=""
checkClientCertificateValidity="false"
SSLProtocols="TLSv1.1 TLSv1.2"
cipherSuites="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA TLS_ECDHE_ECDSA_WITH_AES_128_SHA TLS_ECDHE_RSA_WITH_AES_256_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_SHA384 TLS_ECDHE_RSA_WITH_AES_256_SHA TLS_ECDHE_ECDSA_WITH_AES_256_SHA TLS_DHE_RSA_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_128_SHA TLS_DHE_DSS_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_256_SHA256 TLS_DHE_DSS_WITH_AES_256_SHA"
enableVirtualDomain="true"
endPointsGrouping="http_https"
forwardClientCertificateChainDepth="1"
forwardClientCertificateToEndpoint="false"
forwardClientPemCertificateToEndpoint="false"
keyStore="JKS"
keyManagerFactory="SunX509"
keyStorePassword="defaultpwd"
needClientAuthentication="true"
osiLayer="7"
portForwarding="false"
sslSessionCacheSize="0"
sslSessionCacheTimeout="86400"
transport="tcp"
trustAllCertificates="true"
trustCertificateURIPath="trustStore.jks"
trustKeyStore="JKS"
trustKeyStorePassword="test"
xForwardedFor="true"/>
And in this paragraph, the parameters for all listeners:
Parameter: SSLProtocolsListeners = "TLSv1.1 TLSv1.2"
<params
SSLProtocolsListeners="TLSv1.1 TLSv1.2"
cipherSuitesListeners="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA TLS_ECDHE_ECDSA_WITH_AES_128_SHA TLS_ECDHE_RSA_WITH_AES_256_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_SHA384 TLS_ECDHE_RSA_WITH_AES_256_SHA TLS_ECDHE_ECDSA_WITH_AES_256_SHA TLS_DHE_RSA_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_128_SHA TLS_DHE_DSS_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_256_SHA256 TLS_DHE_DSS_WITH_AES_256_SHA"
clientH2Bridge="false"
clientSSLUseCipherSuitesOrder="true"
concurrentSessions="-1"
dosAttackPrevention="false"
dosAttackPreventionOnlyClose="false"
endPointSSLUseCipherSuitesOrder="true"
maxConcurrentSessions="-1">
</params>
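
An added example (not OPLON's own code): it resolves the effective protocol and cipher list for each listener under the override rule described above, then flags legacy protocols and non-AEAD suites. The `<config>` root element, the second listener, and treating a missing or empty attribute as "not set" are assumptions; the sample XML is constructed from the attribute names shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <config> root and the second listener are assumptions;
# the attribute names are the ones shown on this page.
SAMPLE = """
<config>
  <params SSLProtocolsListeners="TLSv1.1 TLSv1.2"
          cipherSuitesListeners="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_SHA"/>
  <bind description="Sample HTTPS listener" port="443" SSL="true"
        SSLProtocols="TLSv1.2"
        cipherSuites="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>
  <bind description="Inherits global settings" port="8443" SSL="true"/>
</config>
"""

MODERN_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}        # TLS 1.0/1.1 are deprecated by RFC 8996
AEAD_MARKERS = ("_GCM_", "_CCM", "CHACHA20")     # name-based heuristic for AEAD suites


def effective(bind, params, local_attr, global_attr):
    """Listener attribute wins when set; otherwise fall back to the global one.
    Treating a missing or empty attribute as "not set" is an assumption."""
    value = (bind.get(local_attr) or "").split()
    return value or (params.get(global_attr) or "").split()


def audit(xml_text):
    """Return {port: findings} for every SSL-enabled listener."""
    root = ET.fromstring(xml_text)
    params = root.find("params")
    if params is None:                            # no global section at all
        params = ET.Element("params")
    report = {}
    for bind in root.iter("bind"):
        if bind.get("SSL") != "true":
            continue
        protos = effective(bind, params, "SSLProtocols", "SSLProtocolsListeners")
        suites = effective(bind, params, "cipherSuites", "cipherSuitesListeners")
        report[bind.get("port")] = {
            "protocols": protos,
            "legacy_protocols": [p for p in protos if p not in MODERN_PROTOCOLS],
            "non_aead_suites": [s for s in suites
                                if not any(m in s for m in AEAD_MARKERS)],
        }
    return report


if __name__ == "__main__":
    for port, findings in audit(SAMPLE).items():
        print(port, findings)
```

The listener on port 8443 sets nothing of its own, so it inherits the global values and is the one reported with TLSv1.1 and a non-AEAD suite.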