Strong Encryption

Stronger SSL Encryption can be achieved by doing the following:

  • Upgrade your operating system
  • Upgrade Java
  • Upgrade Noodle
  • Set crypto.policy=unlimited in $JRE_HOME/jre/lib/security/java.security
    • Get JCE if it was not included with your JDK/JRE
  • Limit Protocols and Ciphers in multiserver.conf
    • Best of 2018

      • Connection.CM_1.Protocols[] = TLSv1.3
      • Connection.CM_1.Ciphers[] = TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
    • For Windows 7 compatibility add;
      • Connection.CM_1.Protocols[] = TLSv1.2
      • Connection.CM_1.Ciphers[] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        TLS_AES_256_GCM_SHA384
  • Add a CAA record to your DNS.

The available ciphers and protocols are listed on http://DOMAIN.TLD/Check.po?admin=now
Test at ssllabs.

TLSv1.3 is available on JRE11