SSL ciphers for HTTPS and proxy connections

An SSL cipher suite specifies the different algorithms that are used for key exchange, encryption and message authentication during an SSL connection. By default, the grid uses a filtered list of the ciphers that are supported by the configured JDK. Ciphers that are considered insecure are filtered from the JDK ciphers in this default selection.

The ciphers to use for SSL are configurable for each grid router, and for both proxy connections and HTTPS connections. It is possible to enable ciphers that are not enabled by default, as well as to disable default ciphers.

If any cipher suites are specified, the server will offer those cipher suites (only) when negotiating the protocol during the SSL handshake. If the "Default" selection is made, the client and server base the protocol negotiation on the available cipher suites in the JDK of the client and the filtered default JDK cipher suites in the grid.

Note: Take care when configuring the available ciphers, since a too restrictive choice of router ciphers may lock out clients. It is recommended to create a new temporary router for testing the settings, before performing a change on other routers.