You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the **TLS Cipher Suites for Router** field, specify the TLS cipher suites to use for TLS handshakes between Gorouter and downstream clients like load balancers or HAProxy. Use an ordered, colon-delimited list of Golang-supported TLS cipher suites in the OpenSSL format. The recommended setting is `ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384`. Operators should verify that the ciphers are supported by any clients or downstream components that will initiate TLS handshakes with the Router. For a list of TLS ciphers supported by the Gorouter, see [Securing Traffic into Cloud Foundry](../adminguide/securing-traffic.html#ciphers).
<%= image_tag 'networking_tls_router.png' %>
Verify that whatever client is participating in the TLS handshake with Gorouter has at least one cipher suite in common with Gorouter.
<p class="note"><strong>Note</strong>: Specify cipher suites that are supported by the versions configured in the <b>Minimum version of TLS supported by HAProxy and Router</b> field.</p>