SSL ciphers for HTTPS and proxy connections

Various ciphers can be used for SSL connections. Different algorithms are used for key exchange, encryption, and message authentication. By default, the grid uses a filtered list of the ciphers that are supported by the configured JDK. Ciphers that are considered insecure are filtered from the JDK ciphers in this default selection.

The ciphers to use for SSL are configurable for each grid router, and for both proxy connections and HTTPS connections. It is possible to enable ciphers that are not enabled by default, as well as to disable default ciphers.

If any cipher suites are specified, the server will offer those cipher suites (only) when negotiating the protocol during the SSL handshake. If the "Default" selection is made, the client and server base the protocol negotiation on the available cipher suites in the JDK of the client and the filtered default JDK cipher suites in the grid.

Note: Take care when configuring the available ciphers, because a too restrictive choice of router ciphers may lock out clients. We recommend that you create a new temporary router for testing the settings, before performing a change on other routers.