KNOWLEDGE BASE ARTICLE

Configuring TLS Cipher Suites in Umango

Overview

Transport Layer Security (TLS) is a cryptographic protocol used to secure communications over networks. Cipher Suites define the encryption algorithms used during a TLS handshake between your server and clients.

In Umango, you can configure the supported Cipher Suites using the Advanced Configuration option. This allows administrators to customize encryption settings to align with security policies and compliance requirements.

What is a Cipher Suite?

A Cipher Suite is a set of cryptographic algorithms that define how secure communication is established over TLS. Each suite consists of:

  • Key Exchange Algorithm - Determines how encryption keys are securely shared.
  • Authentication Algorithm - Verifies the server's and client's identity.
  • Encryption Algorithm - Secures data transmission.
  • Message Authentication Code (MAC) - Ensures data integrity.

Example Cipher Suite:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Why Configure Cipher Suites?

By customizing Cipher Suites in Umango, you can:

  • Strengthen Security - Remove weak or outdated encryption algorithms.
  • Meet Compliance Standards - Ensure alignment with FIPS 140-2, PCI-DSS, or NIST guidelines.
  • Optimize Compatibility - Select Cipher Suites supported by your network and client systems.

How to Configure Cipher Suites in Umango

The steps below assume you are running Umango version 25.3 or newer and have already configured Umango with a suitable X.509 certificate for TLS/HTTPS support. For assistance with this step, refer to this article.

Step 1: Access Advanced Configuration

1. Open Umango and go to the Administration Panel.

2. Navigate to Advanced Configuration. (Refer to this article for more details.)

3. Locate or create the setting: CypherSuites

Step 2: Define the Cipher Suites

In the Value field, enter a comma-separated list of supported Cipher Suites.

Example Configuration:

TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Step 3: Apply and Restart

1. Save the configuration.

2. Restart the Umango service for changes to take effect.

Recommended Cipher Suites

For TLS 1.3:

TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256

For TLS 1.2:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Avoid weaker suites like TLS_RSA_* and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA.
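
Before saving the value from Step 2, the list can be checked offline. The script below is an added example, not part of Umango or of the original article: it parses a comma-separated CypherSuites value, groups the names into TLS 1.3 and TLS 1.2 style, and flags the suites this article says to avoid. The function name check_cipher_suites is hypothetical, and treating every CBC suite as weak is an assumption that generalizes the single CBC example given above.

```python
import re

NAME_RE = re.compile(r"^TLS_[A-Z0-9]+(_[A-Z0-9]+)+$")

def check_cipher_suites(value):
    """Check a comma-separated CypherSuites value before saving it.

    Returns {"tls13": [...], "tls12": [...], "findings": [(level, name, reason)]}.
    """
    result = {"tls13": [], "tls12": [], "findings": []}
    seen = set()
    for raw in value.split(","):
        name = raw.strip()
        if not name:
            result["findings"].append(("error", "", "empty entry (stray comma)"))
        elif not NAME_RE.match(name):
            result["findings"].append(("error", name, "not an IANA-style TLS_* name"))
        elif name in seen:
            result["findings"].append(("warn", name, "duplicate entry"))
        else:
            seen.add(name)
            # TLS 1.3 suite names carry no key-exchange part, so no "_WITH_".
            group = "tls12" if "_WITH_" in name else "tls13"
            result[group].append(name)
            if name.startswith("TLS_RSA_"):
                result["findings"].append(("weak", name, "matches TLS_RSA_*"))
            # Assumption: extend the article's single CBC example to all CBC suites.
            if "_CBC_" in name:
                result["findings"].append(("weak", name, "CBC-mode suite"))
    return result

# The article's example configuration, followed by a constructed bad value.
ARTICLE_EXAMPLE = ("TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, "
                   "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
CONSTRUCTED_BAD = ("TLS_AES_256_GCM_SHA384,, TLS_RSA_WITH_AES_128_CBC_SHA, "
                   "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, tls_aes_128, "
                   "TLS_AES_256_GCM_SHA384")

if __name__ == "__main__":
    for label, value in (("article", ARTICLE_EXAMPLE), ("constructed", CONSTRUCTED_BAD)):
        report = check_cipher_suites(value)
        print(label, "TLS 1.3:", report["tls13"], "TLS 1.2:", report["tls12"])
        for level, name, reason in report["findings"]:
            print(f"  [{level}] {name or '<blank>'}: {reason}")
```

A clean report only shows that the list is well formed and free of the suites named above; whether the server's operating system accepts each suite is still determined when the Umango service restarts.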

Troubleshooting

  • Issue: The setting doesn't take effect.
    Ensure the Umango service is restarted after changes.
  • Issue: Clients cannot connect after the update.
    Check if the selected Cipher Suites are supported by the client systems.
  • Issue: "CipherSuitesPolicy is not supported" error appears.
    Remove any unsupported Cipher Suites from the list.

Conclusion

Configuring Cipher Suites in Umango allows you to enhance security, enforce compliance, and optimize compatibility. Ensure that you regularly review and update your Cipher Suite settings to stay aligned with best practices.

Link to this article https://umango.com/KB?article=144