Ssl settings – Amer Networks E5Web GUI User Manual

12.9. SSL Settings

SSL Processing Priority

The maximum amount of CPU resources that SSL processing is allowed to use for opening new
SSL connections. This setting affects all cOS Core subsystems that make use of SSL processing.

If the proportion of CPU time allocated is not sufficient then some SSL connection setups may fail
under a heavy SSL load and the following log message will be seen:

SSL Handshake: Disallow ClientKeyExchange. Closing down SSL connection

The solution to the problem is to increase the maximum CPU resources available from the
default setting of Normal (about 17%) up to either High (about 25%) or Very High (about 50%).
However, a higher CPU allocation may adversely effect the responsiveness of other cOS Core
subsystems.

Lowering the priority is not normally needed unless there is a reason to reduce the CPU time
allocated to SSL connection setup.

Default: Normal (about 17%)

TLS RSA RC4 128 SHA1

Enable cipher RSA_WITH_RC4_128_SHA1.

Default: Enabled

TLS RSA RC4 128 MD5

Enable cipher TLS_RSA_WITH_RC4_128_MD5.

Default: Enabled

TLS RSA EXPORT 1024 RC4 56 SHA1

Enable cipher TLS_RSA_EXPORT1024_WITH_RC4_56_SHA1.

Default: Enabled

TLS RSA EXPORT 1024 RC4 40 MD5

Enable cipher TLS_RSA_EXPORT1024_WITH_RC4_40_MD5.

Default: Disabled

TLS RSA EXPORT 1024 RC2 40 MD5

Enable cipher TLS_RSA_EXPORT1024_WITH_RC2_40_MD5.

Default: Disabled

TLS RSA EXPORT NULL SHA1

Chapter 12: Advanced Settings

742