Configuring TLS/SSL in Xeams


Xeams runs on Java; therefore, most network-related configurations are inherited from the underlying platform. Administrators often want to fine-tune the TLS/SSL configuration, for example by specifying different cipher suites and/or disabling weaker protocols. This page describes how to accomplish this task.

Important Note

Before modifying the TLS settings, we recommend upgrading the JRE in Xeams to a newer version to see whether it already provides the newer ciphers you want. Use the following directions to upgrade the JRE:

  • Log in as the Administrator
  • Click Tools/About Xeams
  • Search for java.version on this page.
  • Click the Upgrade JRE link on the right, if available. If you don't see this link, either you're already using the latest version, a JRE upgrade is not available for your OS, or you're using an older version of Xeams.

Most of the advanced configuration in Xeams is done by adding entries to the server.properties file.

Specifying TLS version

Add the following lines to server.properties to configure the version of TLS.

tls.protocols.4.smtp=TLSv1.1,TLSv1.2,TLSv1.3
synametrics.https.sslProtocol=TLSv1.1,TLSv1.2,TLSv1.3

The above lines restrict the TLS version for SMTP and HTTPS to TLSv1.1, TLSv1.2 and TLSv1.3.

Specifying Custom Cipher Suites

Add the following line to server.properties.

ssl.cipher.list=TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,...
Additional ciphers can be appended with a comma separating their names.
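
The following Python script is an added example, not part of Xeams or its documentation. It audits the three server.properties keys shown above, flags protocol versions that have been formally deprecated (SSLv3 by RFC 7568, TLS 1.0 and 1.1 by RFC 8996), and reports when the cipher list holds only TLS 1.3 suites while older protocol versions are still enabled. It assumes Xeams passes these values to the JRE unchanged; the function names and the sample file contents are constructed for illustration.

```python
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # SSLv3: RFC 7568; TLS 1.0/1.1: RFC 8996
PROTOCOL_KEYS = ("tls.protocols.4.smtp", "synametrics.https.sslProtocol")
CIPHER_KEY = "ssl.cipher.list"
WEAK_MARKERS = ("_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_", "_MD5")

# Constructed sample mirroring the lines shown on this page.
SAMPLE = """\
tls.protocols.4.smtp=TLSv1.1,TLSv1.2,TLSv1.3
synametrics.https.sslProtocol=TLSv1.1,TLSv1.2,TLSv1.3
ssl.cipher.list=TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256
"""

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and #/! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def split_list(value):
    """Split a comma-separated value, ignoring empty items and a literal '...'."""
    return [v.strip() for v in value.split(",") if v.strip() not in ("", "...")]

def audit(text):
    """Return (key, message) findings for the TLS keys in a server.properties text."""
    props, findings, pre_tls13 = parse_properties(text), [], False
    for key in PROTOCOL_KEYS:
        if key not in props:
            findings.append((key, "not set; the JRE's default protocols apply"))
            continue
        for proto in split_list(props[key]):
            if proto in DEPRECATED:
                findings.append((key, f"{proto} is a deprecated protocol"))
            if proto != "TLSv1.3":
                pre_tls13 = True
    suites = split_list(props.get(CIPHER_KEY, ""))
    for suite in suites:
        if any(marker in suite for marker in WEAK_MARKERS):
            findings.append((CIPHER_KEY, f"{suite} uses a weak algorithm"))
    # TLS 1.3 suite names have no "_WITH_"; older protocols cannot negotiate them.
    if suites and pre_tls13 and not any("_WITH_" in s for s in suites):
        findings.append((CIPHER_KEY, "no suite usable below TLSv1.3 is listed"))
    return findings

if __name__ == "__main__":
    for key, message in audit(SAMPLE):
        print(f"{key}: {message}")
```

To audit a real installation, pass the contents of its server.properties file to audit() in place of SAMPLE.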

Additional Parameters

Refer to this page on Oracle's website to see how to specify additional parameters. You can add these parameters to the server.properties file.