You can configure the security protocols and cipher suites that PSG's client-side listener accepts by editing the registry. If required, this task can also be performed on an RDS host.
The protocols that are allowed are, from low to high, tls1.0, tls1.1, and tls1.2. Older protocols such as SSLv3 and earlier are never allowed. The default setting is tls1.2:tls1.1.
Note: In FIPS mode, only TLS 1.2 is enabled (tls1.2).
The following cipher list is the default:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:@STRENGTH
Note: In FIPS mode, only GCM cipher suites are enabled (ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256).
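Before writing new values to the registry, a candidate protocol string and cipher list can be checked against the rules above. The following is an added example, not VMware code: the names audit and split_list are hypothetical, and flagging tls1.0 and suites outside the default list for review is a policy choice of this example rather than a PSG rule.

```python
# Added example: audits proposed protocol and cipher strings against the rules above.
ALLOWED_PROTOCOLS = ("tls1.0", "tls1.1", "tls1.2")  # low to high, as listed on the page
DEFAULT_PROTOCOLS = "tls1.2:tls1.1"
DEFAULT_CIPHERS = ("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:"
                   "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:@STRENGTH")
FIPS_PROTOCOLS = {"tls1.2"}
FIPS_CIPHERS = {"ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"}


def split_list(value):
    """Split a colon-separated setting into trimmed, non-empty entries."""
    return [item.strip() for item in value.split(":") if item.strip()]


def audit(protocols, ciphers, fips=False):
    """Return a list of findings; an empty list means both strings pass."""
    findings = []
    protos = [p.lower() for p in split_list(protocols)]
    # "@" entries such as @STRENGTH are ordering directives (OpenSSL cipher-string
    # syntax), not suites, so they are excluded from the suite checks.
    suites = [c for c in split_list(ciphers) if not c.startswith("@")]
    known = [c for c in split_list(DEFAULT_CIPHERS) if not c.startswith("@")]
    if not protos:
        findings.append("protocol list is empty")
    if not suites:
        findings.append("cipher list contains no suites")
    for p in protos:
        if p not in ALLOWED_PROTOCOLS:
            findings.append(f"{p}: not an accepted protocol")
        elif fips and p not in FIPS_PROTOCOLS:
            findings.append(f"{p}: not enabled in FIPS mode (tls1.2 only)")
        elif p == "tls1.0":
            findings.append("tls1.0: lowest accepted protocol, absent from the default")
    for s in suites:
        if fips and s not in FIPS_CIPHERS:
            findings.append(f"{s}: not enabled in FIPS mode (GCM suites only)")
        elif s not in known:
            findings.append(f"{s}: not in the default list, review before use")
    return findings


if __name__ == "__main__":
    # Constructed candidate settings, not values taken from a real host.
    for label, args in {
        "default": (DEFAULT_PROTOCOLS, DEFAULT_CIPHERS, False),
        "default under FIPS": (DEFAULT_PROTOCOLS, DEFAULT_CIPHERS, True),
        "legacy": ("tls1.2:tls1.0:sslv3", "AES128-SHA", False),
    }.items():
        print(label, audit(*args) or "OK")
```

The second case shows that the default values do not pass unchanged under FIPS mode: tls1.1 and the two non-GCM suites are reported.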