Configure SSL/TLS Strong Encryption

You can configure SSL/TLS strong encryption for Tenable Security Center Director-client communications to meet the security needs of your organization. For more information about Tenable Security Center encryption, see Encryption Strength.

To configure SSL/TLS strong encryptions for Tenable Security Center Director communications:

1. Open the /opt/sc/support/conf/sslciphers.conf file in a text editor.

2. Add the following content at the end of the file:

   SSLCipherSuite <cipher you want to use for SSL/TLS encryption>

   For example:

   # SSL Ciphers

   SSLProtocol ALL -SSLv2 -SSLv3

   SSLHonorCipherOrder On

   SSLCompression off

   SSLCipherSuite ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384

3. Restart Tenable Security Center Director, as described in Start, Stop, or Restart Tenable Security Center Director.

   Tenable Security Center Director restarts.

4. In /opt/sc/support/logs, open ssl_request_log.

   The log file text appears.

5. Verify the configuration in ssl_request_log matches the cipher you specified. If the configuration and cipher do not match, investigate the following:

   • Confirm that you provided the cipher using correct syntax.

   • Confirm that your browser supports the cipher you provided.

   • Confirm that you do not have other applications installed that redirect or layer additional encryption for SSL traffic.