I just noticed that the Get database parameter(64;<>vtCurrent_SSLCipherList) seems to return a default value of:
AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH That doesn't seem correct especially since I am running 4D v16 R6 and it was my understanding from the release notes (see below) that RC4 is disabled by default. RC4 ALGORITHM DISABLED The RC4 algorithm has known security issues and is now deprecated in 4D Web Server. All RC4 ciphers have been removed from the default cipher list and the “!RC4” pattern has been added to the updated cipher list to explicitly prohibit it. The simple code example I am testing is: <>vtCurrent_SSLCipherList:="" $Cipher:=SET DATABASE PARAMETER(SSL cipher list;"") $Cipher:=Get database parameter(64;<>vtCurrent_SSLCipherList) After I execute this the value <>vtCurrent_SSLCipherList equals AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH Am I misunderstanding something? Thanks, Mike McCall Facilitate.com ********************************************************************** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **********************************************************************
