Configure SSL Cipher String
If the WAF is the first point of termination for public SSL certificates, then you may wish to adjust the SSL Cipher String to conform to your organization’s security policies.
To change the SSL cipher string for a website:
- In the Alert Logic console, click navigation menu () > Configure > WAF, and then click the Appliances tab.
- In the item row of your appliance, click the appliance name.
- In the Managed WAFconsole, click Websites, and click the desired website.
- On the Website page, click Virtual host.
- On the Virtual Host page, scroll down to the SSL Ciphers section. You can either select one of the existing cipher strings (Speed optimized, Encryption strength optimized, etc.) or select Custom OpenSSL cipher string to enter a custom cipher string. Note that the WAF uses OpenSSL format cipher strings.
- If you have a specific list of ciphers you would like to use, you can create a string with a list of cipher names separated by a colon (:). Here is an example custom cipher string with 3 ciphers:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384
Enter the custom cipher string under Custom OpenSSL cipher string and click the Update cipher preference list button. This will update the cipher list display with the list of ciphers that the WAF will use to negotiate with browsers. - Click Save settings on the lower right.
- To commit your changes, click apply changes at the top of the screen. When prompted “Are you sure you want to apply the changes to the running configuration?”, click OK.