Mattermost, Inc.

What is TLSOverwriteCiphers setting syntax?

I’ve discovered the existence of the TLSOverwriteCiphers setting, but can’t find any docs on it. I’m hoping to use it to get an ‘A’ score on https://www.ssllabs.com/ssltest/ which reports that some of the default ciphers are weak.

Thanks,

Sean

@seanm, Please see https://docs.mattermost.com/administration/config-settings.html#tls-cipher-overwrites.

Thanks!

The SSLLabs test shows these enabled, I guess by default:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384

It clams the latter two are weak. Seems it and Mattermost use the same syntax, so I’ve set:

"TLSOverwriteCiphers": [
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],

and now I get an ‘A’ instead of ‘B’.

Cheers.