Versions Compared

Old Version 28

changes.mady.by.user Phil Sorber

Saved on

compared with

New Version Current

changes.mady.by.user Daniel Ferradal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

SSL new features and improvements

Change in behavior of proxy.config.ssl.server.honor_cipher_order setting

A bug regarding the behavior of the proxy.config.ssl.server.honor_cipher_order setting has been fixed.  When enabled this setting allows the server to pick the preferred cipher used during the TLS or SSLv3 handshake based on the value of the proxy.config.ssl.server.cipher_suite setting.

Previously, a value of 0 enabled this setting, and a value of 1 disabled this setting - the reverse of the expected behavior.  ATS previously shipped with a value of 1 (disabled).  Starting in 4.2.0, the expected behavior was restored - 1 for enable, 0 for disable.  The default in 4.2.0+ is 0, so the out of the box behavior remains the same.

Please verify/update records.config if you migrated this value from an older version of ATS to 4.2.0.

JiraTS-2370

TLS 1.1 and 1.2 Configurations

...

Code Block
CONFIG proxy.config.ssl.server.cipher_suite STRING ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2

...