Fine-Tuning SSL Protocols and Ciphers in SafeLine WAF

SharonSharon
2 min read

Table of contents

SafeLine gives you full control over SSL protocols and cipher suites for securing your web applications. Here's how to configure SSL certificates, select supported protocol versions, and customize cipher suites to meet your security needs.

Setting Up SSL Certificates

To enable HTTPS access, simply upload your SSL certificate while configuring the corresponding port. SafeLine will handle the rest.

Image description

Choosing SSL/TLS Protocol Versions

SafeLine supports a wide range of SSL/TLS versions. You can select your desired protocol under the SSL Protocol section. Options include:

  • TLSv1

  • TLSv1.1

  • TLSv1.2

  • TLSv1.3

  • SSLv2

  • SSLv3

Image description

Customizing SSL Cipher Suites

Depending on your security policy or compliance requirements, you may need to specify which encryption algorithms to allow. SafeLine supports custom SSL cipher suites. Below are examples of commonly used configurations:

  • Nginx (official):

    AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5

  • Cloudflare (recommended):

    [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES

  • Mozilla (modern / TLS 1.3):

    TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

  • Mozilla (intermediate / TLS 1.2):

    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384

  • Mozilla (legacy TLS 1.0–1.2):

    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256

  • Cipherli (recommended):

    EECDH+AESGCM:EDH+AESGCM

  • High-strength configuration:

    HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4:!RSA

With these settings, you can ensure your application uses secure and optimized encryption tailored to your specific environment.

🤝 Join Our Community

For any technical support, you can post the question directly on our forum: https://safepoint.cloud/discussion (Our technicians will receive a notification and reply shortly).
Or you can also post it in our Discord community: https://discord.gg/dy3JT7dkmY (We’ll check messages there every day)

1
Subscribe to my newsletter

Read articles from Sharon directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Web DevelopmentwebdevSafeLine

Written by

Sharon
Sharon