| |
The strong cryptography settings allow the server to be configured to force strong encryption to be used in SSL sessions (as in https). Client mode (when the proxy server initiates the SSL session) and server mode (when the proxy server accepts an SSL session from another machine) can be configured separately. The default is to not force the use of strong cryptography in either mode.
The configuration can be done from the iChain Proxy Server system console using the following commands:
set authentication strongserverenable = (yes/no)
No --- Clients can initiate an SSL session with the proxy server using null, weak, or strong cryptography.
Yes --- Clients must initiate an SSL session with the proxy server using strong cryptography, or the session will fail.
set authentication strongclientenable = (yes/no)
No --- The proxy server will initiate an SSL session with another server using any cryptography that server supports (null, strong, or weak).
Yes --- The proxy server will only initiate an SSL session with another server using strong crypto; if unsupported by the other server, it will fail.
Applying these settings will store them in the ISO object and create a NILE.CFG file. This file is read by NILE.NLM at startup, so the server must be restarted for these settings to take effect.
| |