Skip to main content


tls_protocols — allowable ciphers for TLS inbound and outbound sessions


tls_protocols = "+<baseprotocol>[:[+|-]<additional protocols]"


**Configuration Change. ** This option is available as of version

tls_protocols specifies the allowable protocols for an OpenSSL TLS session. The available protocols are ALL, SSLv2, SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3 (since Momentum 4.6). Each set can be enabled or disabled by prefixing its name with a “+” or “-“ respectively. The following example shows the SSLv2 and SSLv3 protocols being disabled:

TLS_Protocols = "+ALL:-SSLv2:-SSLv3"

This option has no meaning for GNUTLS.

The default value is “+ALL”.


In Centos/RHEL 5, which are typically shipped with OpenSSL 0.98, TLSv1.1, TLSv1.2 and TLSv1.3 are not available.


tls_protocols is valid in the binding, binding_group, domain, ecstream_listener, esmtp_listener, global, http_listener, listen, pathway, pathway_group and peer scopes.

Was this page helpful?