Permalink
Browse files

More on the Ciphers and Server Preference field.

  • Loading branch information...
1 parent 8f7e5b8 commit f7d33d902ec8c48979b8daaa4738208d23e85289 @skinkie committed Nov 19, 2011
Showing with 18 additions and 0 deletions.
  1. +18 −0 doc/cookbook_ssl.txt
View
@@ -157,6 +157,24 @@ straightforward actions is order to enable it:
cat public.pem inter_ca_public.pem > chained.pem
-----
+[[advanced]]
+.Advanced options
+
+In other te make SSL more secure, Cherokee offers the following advanced
+options:
+
+ . The `Ciphers` field can be set up to to allow specific cipher suites,
+ making communication with the client bound to stronger ciphers.
+ A good choice might be:
+ `ECDHE-RSA-AES256-SHA:AES256-SHA:CAMELLIA256-SHA:DES-CBC3-SHA`
+
+ . By default SSL communication prefers the cipher suite preference by
+ the client. You may understand that if a client prefers a weak cipher
+ but supports a strong cipher, the strong cipher would never be used.
+ We have introduced the option `Server Preference` to enforce our
+ preference on the client. Setting a specific order is possible using
+ the `Ciphers` field.
+
[[ie-workarownd]]
.I get certificate errors when having more than one. Workarounds?

0 comments on commit f7d33d9

Please sign in to comment.