Enabling SSL on the Server
Before configuring SSL on the Site, you must configure SSL on the server. Specify SSL versions and ciphers before enabling SSL connections. After you have enabled SSL for the server, SSL connections can be enabled on the Site, Settings Template, and/or for each user. Each level can inherit the settings from the parent.
To configure SSL
-
In the administration interface, connect to EFT and click the Server tab.
-
On the Server tab, click the server node that you want to configure.
-
In the right pane, click the Security tab.
-
In the SSL Compatibility area, specify the SSL versions/ciphers to use:
-
Select the check box of one or more ciphers/algorithms to use, or manually specify the ciphers. At least one cipher must be specified.
Only advanced users should manually specify ciphers.
-
Click the arrows to arrange the ciphers in top-down priority. If more than one approved cipher is specified, and the connecting client has in its list one or more ciphers that are also on EFT’s approved list, EFT will select and use the cipher based on ordering (priority) shown in the list box.
-
Click Apply to save the changes to EFT.
-
SSL Cipher and Version-allowed settings affect ALL Sites on EFT.
-
For PCI DSS compliance, EFT checks for 128-bit or higher ciphers, and SSLv3 or greater, and no use of CCC or PROT-C.
-
A Certificate Authority (CA)-signed certificate establishes your validity better than a self-signed certificate.
-
For details of SSL when using FIPS mode, refer to FIPS-Certified Protocols and Ciphers.