ACE works the same way as all other SSL servers do. When the client sends its ClientHello message, it includes a list of ciphers that it supports. ACE goes through that list and selects one that overlaps with its own ciphers. The lists are usually not ordered and order is not supposed to be significant. ACE will try to use the strongest cipher available that both the client and server support.
If you want, you can reduce the default server cipher list. This will give fewer potential matches with the client cipher list. I could even prevent connections if the client does not support a cipher. To change the cipher list used by ACE, update the CipherSpec property on the
listener. You can provide a list of ciphers or types. The default value is: !RC4+RSA:HIGH:+MEDIUM:+LOW. You can find the ciphers available
here. ACE restricts traffic to TLSv1.2 or 1.3, so only those ciphers will apply.
------------------------------
MATTHEW SEGALL
------------------------------
Original Message:
Sent: Thu February 24, 2022 07:11 AM
From: Heidi-Lize Scholtz
Subject: TLS connection and cipher suite
Hi
When a client establishes a TLS connection to an integration server in ACE12, does ACE use the server preference setting as default when selecting a cipher suite or client preference?
And if not the server preference is there a way we can change the setting to use the server setting instead of client preference?
Thanks
------------------------------
Heidi-Lize Scholtz
------------------------------