New HTTP File Server Options

The HTTP File Server screen has been split into two sections and now has an Advanced screen, which includes two new options for advanced SSL configuration.

Advanced screen showing Allow pre-authentication, CDN URL, web server timeout, list of enabled SSL versions, and the OpenSSL cipher list.

Enable SSL Versions

This option lets you choose which versions of SSL are allowed when users connect to MAPS using HTTPS. If your organization is required to support older browser versions, you may wish to enable obsolete SSL protocols. You may also choose to disable TLS 1.0 and 1.1 (enabled by default) for additional security if you do not intend to support browsers that do not support TLS 1.2. List of SSL/TLS support by browser

Note: Supporting users on Windows XP requires leaving TLS 1.0 enabled.

OpenSSL Cipher List

The cipher list gives you complete control over the exact SSL ciphers that MAPS is allowed to use. The cipher list contains one or more cipher strings, in the format described in the OpenSSL documentation.

Note: You should ensure there are no typos in the cipher list. Entering an empty or invalid cipher list will result in MAPS behaving as though you had entered the default cipher list.

Note Regarding 3rd-Party Security Checks

Some websites that provide software security checks may not issue a grade above a B+ due to the nature of some of the supported security ciphers. Specifically, RC4 ciphers are currently required to prevent Browser Exploit Against SSL/TLS (BEAST) attacks. It is therefore assumed that RC4 ciphers should be included in the OpenSSL cipher list. However, RC4 has its own security vulnerabilities that may lower the grade provided by security-checking software. If you choose to alter the default cipher list, you should be aware of the advantages and disadvantages provided by the ciphers you include.