Using Ciphers for Inbound SSL Connections

This topic describes the use of ciphers for inbound SSL (HTTPS and FTPS) connections with the Server. For the procedure for configuring SSL on EFT, refer to Enabling SSL on the Server.

EFT validates inbound SSL sessions, and allows or denies connections based on ciphers specified on the Server's Security tab. During SSL negotiation, the connecting (inbound) SSL client is allowed to select its preferred combination from the specified list.

  • PCI DSS 4.1 states that you should use strong ciphers and protocol versions. On a PCI DSS Site, if you attempt to specify weak ciphers and protocol versions, or to create a cipher manually, the Server prompts you either to correct the setting or to continue with a reason. When using the GSCM, the Server enforces the use of specific algorithms for FIPS mode.

  • If FIPS mode is enabled for SSL connections, only FIPS-approved SSL ciphers are available (AES 256-bit, 3DES 168-bit, AES 128-bit).

EFT provides two options for specifying ciphers: Select from list (the default) or Manually specify. Each is described below:
