Changing ciphers
The SOAR Platform is configured to use the
most secure ciphers. You can modify the list of ciphers by updating the
co3.properties
file.
About this task
A cipher suite is a collection of cryptographic algorithms that are used to create secure (TLS) internet connections, and to encrypt and verify data that is sent over these connections. The SOAR Platform uses TLS cipher suites to establish TLS connections to external hosts such as email and threat information servers.
The SOAR Platform supports TLS v1.2 connections only.
By default, the system is configured to use the MOST_SECURE ciphers:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)
For compatibility with earlier versions, you can configure the system to use the following DEPRECATED_CIPHERS.
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1)
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1)
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1)
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1)
- TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
- TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048)
- TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
- TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048)
- TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048)
If nmap is installed on your system and you know the IP address of the SOAR Platform, enter the following command to view the list of
ciphers currently in use. Nmap is not installed on the SOAR Platform.
nmap -p 443 --script ssl-enum-ciphers <ip_address>
To change the list of ciphers, complete the following procedure.