Under the SSL tab, a tester has the following options:

• SSL Negotiations: When Burp communicates with a target application over SSL, this option provides the ability to use preconfigured SSL ciphers or to specify different ones:

If a tester wishes to customize the ciphers, they will click the Use custom protocols and ciphers radio button. A table appears allowing selection of protocols and ciphers that Burp can use in the communication with the target application:

• Client SSL Certificates: It provides an override button in the event the tester must use a client-side certificate against the target application. This option will supersede any client-side certificate configured within the user options.

After clicking the checkbox to override user options, the tester is presented with a table to configure a client-side certificate specific to this project. You must have the private key to your client-side certificate in order to successfully import it into Burp:

• Server SSL Certificates: It provides a listing of server-side certificates. A tester can double-click any of these line items to view the details of each certificate: