Github user k4rthikr commented on the issue:
https://github.com/apache/tinkerpop/pull/912
@robertdale Should we also provide a config entry for disabling certain
cipher suites? For example TLS_RSA_WITH_3DES_EDE_CBC_SHA is supported. This
cipher suite has a 64-bit block size, and the security properties of this
construction do not hold when more than 32 GB of data are sent over a single
TLS connection. Thus, this cipher suite is not suitable for long-lived TLS
connections, such as those opened to a database. In fact, it wouldn't hurt to
just programmatically remove these ciphers.
---
