Configure the following TLS settings.
Protocol
The supported TLS versions.
Cipher Suite
The supported TLS cipher suites.
Extended Master Secret
The enforcement of the Extended Master Secret (EMS) extension (RFC 7627) for TLS 1.2 and TLS 1.3 connectors. EMS strengthens TLS session security by binding the session to the full handshake, preventing certain man-in-the-middle and session hijacking attacks. EMS enforcement is required for FIPS 140-3 compliance.
| Option | Description |
|---|---|
| Enforce EMS | Requires all TLS connections to use the Extended Master Secret extension. Connections that do not support EMS are rejected. |
| Do not enforce EMS | Allows TLS connections without enforcing the Extended Master Secret extension. This option is not recommended, as it may expose the system to known vulnerabilities. |