Documentation Bug: IceSSL protocols

grembogrembo Member Michael GmelinOrganization: Grem Equity GmbHProject: E-Commerce platform
IceSSL Properties - Ice 3.5 - ZeroC

This says:
Specifies the protocols to allow during SSL handshaking. Legal values are SSL3, TLS1, TLS1_0 (alias for TLS1), TLS1_1, and TLS1_2. You may also specify multiple values, separated by commas or white space. If this property is not defined, the platform's default is used.

The values that are actually allowed are:
  • SSL3: ssl3, sslv3
  • TLSv1.0: tls, tls1, tlsv1, tls1_0, tlsv1_0
  • TLSv1.1: tls1_1, tlsv1_1
  • TLSv1.2: tls1_2, tlsv1_2

It might be a good idea to disable SSLv3 by default in the next release.

p.s. We're using these settings in production right now:
IceSSL.Protocols=tlsv1_2,tlsv1_1,tlsv1
IceSSL.Ciphers=HIGH:!aNULL:!MD5:!3DES
Sign In or Register to comment.