Configuring TLS/SSL in Xeams


Xeams runs on Java; therefore, most network-related configurations are inherited from the underlying platform. Administrators often want to fine-tune configuration related to TLS/SSL like specifying different cipher suites and/or disabling weaker protocols. This page describes how to accomplish this task.

Most of the advanced configuration in Xeams is done by adding entries in the server.properties file.

Specifying TLS version

Add the following lines in server.properties to configure the version of TLS.
tls.protocols.4.smtp=TLSv1.1,TLSv1.2
synametrics.https.sslProtocol=TLSv1.1,TLSv1.2
The above lines restrict the TLS version for SMTP and HTTPS to TLSv1.1 and TLSv1.2.

Specifying Custom Cipher Suites

Add the following lines in server.properties.

ssl.cipher.list=TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,...
Additional ciphers can be appended with a comma separating their names.

Additional Parameters

Refer to this page on Oracle's website to see how to specify additional parameters. You can add these parameters in server.properties file.