Configure SSL/TLS Strong Encryption
You can configure SSL/TLS strong encryption for Tenable Security Center Director-client communications to meet the security needs of your organization. For more information about Tenable Security Center encryption, see Encryption Strength.
To configure SSL/TLS strong encryptions for Tenable Security Center Director communications:
-
Open the
/opt/sc/support/conf/sslciphers.conf
file in a text editor. -
Add the following content at the end of the file:
SSLCipherSuite <cipher you want to use for SSL/TLS encryption>For example:
# SSL Ciphers
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCompression off
SSLCipherSuite ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384
-
Restart Tenable Security Center Director, as described in Start, Stop, or Restart Tenable Security Center Director.
Tenable Security Center Director restarts.
-
In /opt/sc/support/logs, open ssl_request_log.
The log file text appears.
-
Verify the configuration in ssl_request_log matches the cipher you specified. If the configuration and cipher do not match, investigate the following:
-
Confirm that you provided the cipher using correct syntax.
-
Confirm that your browser supports the cipher you provided.
-
Confirm that you do not have other applications installed that redirect or layer additional encryption for SSL traffic.
-