The load balancer service in MedStack Control supports two (2) collections of cipher suites. When creating the load balancer, you have the option to deploy it with:

1. The "Most strict" (recommended) cipher suite supports ciphers as a part of root certificates on clients that tend to be supported and use a stronger set of ciphers, or;
2. The "Most compatible" cipher suite, which has broad support for many types of ciphers as a part of root certificates on older clients like IE 11.

Troubleshooting

In situations where clients are unable to perform a TLS handshake with web applications running in MedStack Control clusters, it's possible that clients require the server a broader set of root certificates.

Load balancer currently uses "most strict" cipher suite

Clients may be able to perform a TLS handshake by using the "most compatible" cipher suite.

1. Destroy the existing load balancer service.
2. Create a new load balancer service.
   • Select "most compatible" as the cipher suite.
   • Create load balancer.

Load balancer currently uses "most compatible" cipher suite

MedStack Control does not support other cipher suites. If you know the cipher suite defined in OWASP standards that supports your clients' TLS handshake, please reach out to us with this information at support@medstack.co