What is TLSOverwriteCiphers setting syntax?

seanm · June 18, 2019, 4:24pm

I’ve discovered the existence of the TLSOverwriteCiphers setting, but can’t find any docs on it. I’m hoping to use it to get an ‘A’ score on https://www.ssllabs.com/ssltest/ which reports that some of the default ciphers are weak.

Thanks,

Sean

amy.blais · June 18, 2019, 5:13pm

@seanm, Please see https://docs.mattermost.com/administration/config-settings.html#tls-cipher-overwrites.

seanm · June 19, 2019, 1:55am

Thanks!

The SSLLabs test shows these enabled, I guess by default:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384

It clams the latter two are weak. Seems it and Mattermost use the same syntax, so I’ve set:

"TLSOverwriteCiphers": [
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],

and now I get an ‘A’ instead of ‘B’.

Cheers.

Topic		Replies	Views
Encryption used by mattermost Troubleshooting	4	3103	April 1, 2019
Setting Up TLS for MM - Need CSR Troubleshooting	5	837	February 18, 2020
Adjust TLS Settings Troubleshooting	3	1289	November 6, 2018
TLS Manual Configuration Troubleshooting	4	210	January 23, 2024
Issues with HTTPS/TLS Troubleshooting	15	7805	September 20, 2019

What is TLSOverwriteCiphers setting syntax?

Related Topics