Configure SSL/TLS Strong Encryption

You can configure SSL/TLS strong encryption for Tenable Security Center Director-client communications to meet the security needs of your organization. For more information about Tenable Security Center encryption, see Encryption Strength.

To configure SSL/TLS strong encryptions for Tenable Security Center Director communications:

  1. Open the /opt/sc/support/conf/sslciphers.conf file in a text editor.

  2. Add the following content at the end of the file:

    SSLCipherSuite <cipher you want to use for SSL/TLS encryption>

    For example:

    # SSL Ciphers

    SSLProtocol ALL -SSLv2 -SSLv3

    SSLHonorCipherOrder On

    SSLCompression off

    SSLCipherSuite ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384

  3. Restart Tenable Security Center Director, as described in Start, Stop, or Restart Tenable Security Center Director.

    Tenable Security Center Director restarts.

  4. In /opt/sc/support/logs, open ssl_request_log.

    The log file text appears.

  5. Verify the configuration in ssl_request_log matches the cipher you specified. If the configuration and cipher do not match, investigate the following:

    • Confirm that you provided the cipher using correct syntax.

    • Confirm that your browser supports the cipher you provided.

    • Confirm that you do not have other applications installed that redirect or layer additional encryption for SSL traffic.