Hi @Gergely (Sydney)
Thanks for raising this query, I have raised this with Development and had some confirmations on correct values and where to apply.
The Additional Setting link sPriKeyEncCipher is correct, this needs to be placed under Session category.
Please note, you will need to add this setting to the Commserve and each client that is required to use the specified cipher.
On each client next certificate refresh, the new cipher will be used.
I will request Documentation is updated to show the correct values.
Thanks,
Stuart
Hi @Gergely (Sydney)
On checking this further, the FR26 documentation lists the correct values, so this might just be an issue on earlier versions, but I’ll follow up with Documentation team to get those cleaned up:
FR26 - Changing the Ciphers Used to Generate Client Private Keys
Property | Value |
---|
Setting Name | sPriKeyEncCipher |
Category | Session |
Type | STRING |
Values | 3des (uses Triple DES in CBC mode, also known as 3DES CBC) aes128 (uses 128-bit Advanced Encryption Standard in CBC mode, also known as AES 128 CBC) aes256 (uses 256-bit Advanced Encryption Standard in CBC mode, also known as AES 256 CBC) |
Thanks,
Stuart
Thanks, it seems it was recently updated, FR24 as well, didn’t check the other versions.
Now it has the “Before you begin” section added, so we need to add the nForceSHA256 additional setting as well?