First, make sure you are running the latest Cerberus FTP Server release. The steps and guidance below only apply to the latest official release.
Enabling strong support for Perfect Forward Secrecy (PFS) requires a carefully crafted SSL cipher string to enable and prioritize the appropriate key exchange suites.
The SSL cipher string can be accessed and changed on the Security page of the Server Manager. For users on Cerberus 9 and below, press the Advanced button to bring up the Advanced Security dialog.
We currently recommend the following string for strong PFS support:
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!CAMELLIA
Comments
0 comments
Please sign in to leave a comment.