HTTPS connections

March 5, 2024

ID 210245

Kaspersky Scan Engine in HTTP mode supports HTTPS to establish a secure connection.

Kaspersky Scan Engine does not check the HTTP client certificate.

Kaspersky Scan Engine supports the following secure protocols and cipher suites:

  • TLS 1.3 protocol and the following cipher suites:
    • TLS_AES_256_GCM_SHA384
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_AES_128_GCM_SHA256
  • TLS 1.2 protocol and the following cipher suites:
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256

To configure an HTTPS connection, you need to specify the following parameters in the HTTP mode configuration file:

In addition, you can configure an HTTPS connection by using Kaspersky Scan Engine GUI.

Below is an example of how to generate the private key and certificate files.

To generate a private key and a certificate (Linux):

  1. Go to /opt/kaspersky/ScanEngine/tools.
  2. Run the following command:

    ./openssl req -new -x509 -config openssl.cnf -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -nodes -days 3650 -subj "/C=RU/CN=localhost" -keyout kavhttpd.key -out kavhttpd.cert

    In /opt/kaspersky/ScanEngine/tools, two files are created:

    • kavhttpd.key—the private key
    • kavhttpd.cert—the certificate
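A check worth running on the generated pair before the HTTP mode configuration points at it, as an added example that is not part of the Kaspersky documentation. It assumes a system `openssl` on PATH rather than the bundled binary and its `openssl.cnf`, and `gen_pair` and `check_pair` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Assumes a system `openssl` on PATH in place of the bundled
# binary and its openssl.cnf; gen_pair/check_pair are hypothetical helpers.

# Generate a pair with the documented parameters into directory $1.
gen_pair() {
    openssl req -new -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 \
        -nodes -days 3650 -subj "/C=RU/CN=localhost" \
        -keyout "$1/kavhttpd.key" -out "$1/kavhttpd.cert" 2>/dev/null &&
    chmod 600 "$1/kavhttpd.key"   # -nodes leaves the key unencrypted on disk
}

# Check key $1 against certificate $2; returns the number of failed checks.
# Optional $3 = minimum remaining validity in days (default 30).
check_pair() {
    fails=0
    # 1. The certificate must carry the public half of this private key.
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    [ -n "$pub" ] &&
        [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ] ||
        { echo "FAIL: certificate does not match private key"; fails=$((fails+1)); }
    # 2. The key must be on the curve requested at generation time.
    openssl x509 -in "$2" -noout -text 2>/dev/null |
        grep -q 'ASN1 OID: secp384r1' ||
        { echo "FAIL: key is not on secp384r1"; fails=$((fails+1)); }
    # 3. The certificate must remain valid for the requested number of days.
    openssl x509 -in "$2" -noout -checkend $(( ${3:-30} * 86400 )) >/dev/null 2>&1 ||
        { echo "FAIL: certificate expires within ${3:-30} days"; fails=$((fails+1)); }
    # 4. An unencrypted key must not be accessible to group or others.
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: key file is accessible beyond its owner"; fails=$((fails+1)); }
    [ "$fails" -eq 0 ] && echo "OK: $2 matches $1"
    return "$fails"
}

# Demo in a scratch directory (constructed data, removed afterwards).
dir=$(mktemp -d) && gen_pair "$dir" &&
    check_pair "$dir/kavhttpd.key" "$dir/kavhttpd.cert"
rm -rf "$dir"
```

Because the generated key is ECDSA, only the ECDHE_ECDSA entries among the TLS 1.2 suites listed above can be negotiated with this certificate; the suites with RSA in their name require a certificate with an RSA key.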

To generate a private key and a certificate (Windows):

  1. Go to %service_dir%\tools.
  2. Run the following command:

    openssl.exe req -new -x509 -config openssl.cnf -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -nodes -days 3650 -subj "/C=RU/CN=localhost" -keyout kavhttpd.key -out kavhttpd.cert

    In %service_dir%\tools, two files are created:

    • kavhttpd.key—the private key
    • kavhttpd.cert—the certificate
