How do I remove the Diffie-Hellman cipher from the web server SSL cipher list?
Diffie-Hellman is a type of SSL encryption cipher. It is designed so that third parties, which are systems other than the two parties at the two endpoints of a conversation, cannot decrypt the communications traffic. A user session that is established with a web server by using this cipher cannot be captured by using the Unica Discover Network Capture Application.
Discover provides the following instructions to our customers on how to disable the Diffie-Hellman negotiation on their Web servers, if they choose to do so.
Note: If the web server infrastructure includes an SSL termination or acceleration device further upstream, closer to the visitor's web browser than the point at which the Unica Discover Network Capture Application server (DNCA server) is monitoring the traffic, then the DNCA server can see all the traffic as non-SSL cleartext, even if Diffie-Hellman is applied. In this situation, the following solution does not apply. The SSL terminating device is free to negotiate Diffie-Hellman with the visitor's browser, because the DNCA server is downstream of the encrypted traffic and does not have to do any decryption.
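Before changing a cipher list, it helps to know which of its entries negotiate Diffie-Hellman at all. The following is an added example, not code from Unica Discover: it groups cipher suite names by key exchange so you can see which sessions a passive capture point could not decrypt. The sample list is constructed, the function names `key_exchange` and `audit` are hypothetical, and it assumes that an OpenSSL-style name with no key-exchange prefix means RSA key exchange.

```python
import re

# Constructed sample cipher list mixing OpenSSL and IANA names; not from a real server.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-SHA",
    "AES256-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
    "PSK-AES128-CBC-SHA",
]

# Leading name tokens that denote a Diffie-Hellman key agreement (finite-field or EC).
DH_TOKENS = {"DHE", "EDH", "DH", "ADH", "ECDHE", "EECDH", "ECDH", "AECDH"}
# Leading OpenSSL tokens for key exchanges that are neither DH nor RSA.
OTHER_TOKENS = {"PSK", "SRP", "KRB5"}

def key_exchange(suite):
    """Classify one suite name as 'DH', 'RSA', 'TLS1.3' or 'OTHER'."""
    name = suite.strip().upper()
    # TLS 1.3 suite names carry no key exchange; the handshake never uses RSA key exchange.
    if re.fullmatch(r"TLS_(AES|CHACHA20)_[A-Z0-9_]+", name):
        return "TLS1.3"
    iana = re.match(r"(?:TLS|SSL)_([A-Z0-9_]+?)_WITH_", name)
    if iana:
        token = iana.group(1).split("_")[0]
    else:
        if name.startswith("EXP-"):  # export-grade prefix precedes the key exchange
            name = name[4:]
        token = name.split("-")[0]
        known = token in DH_TOKENS or token in OTHER_TOKENS or token.startswith("GOST")
        if not known:
            token = "RSA"  # assumption: no key-exchange prefix means RSA in OpenSSL names
    if token in DH_TOKENS:
        return "DH"
    return "RSA" if token == "RSA" else "OTHER"

def audit(suites):
    """Group suites by whether a passive capture point could decrypt the session."""
    buckets = {"RSA": "capturable", "DH": "not_capturable", "TLS1.3": "not_capturable"}
    report = {"capturable": [], "not_capturable": [], "review": []}
    for suite in suites:
        report[buckets.get(key_exchange(suite), "review")].append(suite)
    return report

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE_SUITES).items():
        print(f"{bucket}: {', '.join(names)}")
```

Suites in the `review` group use a key exchange that is neither RSA nor Diffie-Hellman and need to be checked by hand.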