Can I change the cipher list that CMDaemon will negotiate with clients?
This article is being updated. Please be aware the content herein, not limited to version numbers and slight syntax changes, may not match the output from the most recent versions of Bright. This notation will be removed when the content has been updated.
Yes, this is possible in Bright 6.x with a CMDaemon revision >=17802.
To set the cipher list, the following AdvancedConfig option should be placed in /cm/local/apps/cmd/etc/cmd.conf:AdvancedConfig = { "CipherList=HIGH" }
Note that if an AdvancedConfig section already exists in the cmd.conf, the CipherList option should be merged into the existing AdvancedConfig section (using commas as separation characters).
For more information about what ciphers are included in a given cipher list, use for example the following command:openssl ciphers -v HIGH:SHA