public:5116_faq:how_to_provide_a_higher_level_of_ssl_security_for_ahsaycbs

Differences

This shows you the differences between two versions of the page.

public:5116_faq:how_to_provide_a_higher_level_of_ssl_security_for_ahsaycbs [2018/01/12 14:02]
edward.chan
public:5116_faq:how_to_provide_a_higher_level_of_ssl_security_for_ahsaycbs [2021/04/30 16:22]
edward.chan
Line 1: Line 1:
 +=====  FAQ: How to provide a higher level of SSL security for AhsayCBS ​  =====
  
 +<​html>​
 + <​b>​
 +  Article ID:
 + </​b>​
 + 5116
 + <​br/>​
 + <​b>​
 +  Reviewed:
 + </​b>​
 + ​13/​11/​2017
 + <​br/>​
 + <​br/>​
 + <​b>​
 +  Product Version:
 + </​b>​
 + <​br/>​
 + ​AhsayCBS:​ 7.3 or above
 + <​br/>​
 + OS: All platforms
 +</​html>​
 +
 +
 +===== Description =====
 +This article provides instruction on how to provide a higher level of SSL security for AhsayCBS.
 +
 +
 +===== Steps =====
 +<​html>​
 +To disable all weak cipher suite on AhsayCBS:
 + <​br/>​
 + <​ol>​
 +  <​li><​font color=black>​
 +   Edit the server.xml file found under ${Install-Home}\conf
 +   <​br/>​
 +   <​br/>​
 +   <​ul>​
 +    <​li><​font color=black>​
 +     Open '​server.xml'​ with a text editor:
 +     <​br/>​
 +     <​br/>​
 +     <​table border="​0"​ cellpadding="​0"​ cellspacing="​0"​ width="​850">​
 +      <tr>
 +       <​td align="​center"​ style="​BORDER-TOP:​ gray 1pt solid; BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BORDER-BOTTOM:​ gray 1pt solid; BACKGROUND-COLOR:​ #​969696">​
 +        <b>
 +        <font color=black>​
 +         ​server.xml
 +         </​font>​
 +        </b>
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        ...
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +       &​nbsp;&​lt;​Service name="​Catalina"&​gt;​
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​lt;​Connector port="​80"​ protocol="​HTTP/​1.1"​ maxKeepAliveRequests="​1000"​ disableUploadTimeout="​true"​ ...
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​redirectPort="​443"​ minSpareThreads="​50"​ maxThreads="​2000"​ acceptCount="​200"​ ...
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​connectionTimeout="​120000"​ address="​0.0.0.0"​ socketBuffer="​16384"​ /&gt;
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​lt;​Connector port="​443"​
 +        <font color=#​FF0000>​
 +         ​SSLCipherSuite="​HIGH:​!aNULL:​!MD5"​
 +        </​font>​
 +        protocol="​HTTP/​1.1"​ ...
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        ...
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BORDER-BOTTOM:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        ...
 +       </​td>​
 +      </tr>
 +     </​table>​
 +    </​font></​li>​
 +    <​li><​font color=black>​
 +     ​Update the SSLCipherSuite parameter with:
 +     <​br/>​
 +     <​br/>​
 +     <​i>​SSLCipherSuite="​ECDHE-RSA-AES128-GCM-SHA256:​ECDHE-ECDSA-AES128-GCM-SHA256:​ECDHE-RSA-AES256-GCM-SHA384:​ECDHE-ECDSA-AES256-GCM-SHA384:​DHE-RSA-AES128-GCM-SHA256:​DHE-DSS-AES128-GCM-SHA256:​EDH+AESGCM:​ECDHE-RSA-AES128-SHA256:​ECDHE-ECDSA-AES128-SHA256:​ECDHE-RSA-AES128-SHA:​ECDHE-ECDSA-AES128-SHA:​ECDHE-RSA-AES256-SHA384:​ECDHE-ECDSA-AES256-SHA384:​ECDHE-RSA-AES256-SHA:​ECDHE-ECDSA-AES256-SHA:​DHE-RSA-AES128-SHA256:​DHE-RSA-AES128-SHA:​DHE-DSS-AES128-SHA256:​DHE-RSA-AES256-SHA256:​DHE-DSS-AES256-SHA:​DHE-RSA-AES256-SHA:​!aNULL:​!eNULL:​!EXPORT:​!DES:​!RC4:​!3DES:​!MD5:​!PSK"</​i>​
 +     <​br/>​
 +     <​br/>​
 +     <​table border="​0"​ cellpadding="​0"​ cellspacing="​0"​ width="​850">​
 +      <tr>
 +       <​td align="​center"​ style="​BORDER-TOP:​ gray 1pt solid; BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BORDER-BOTTOM:​ gray 1pt solid; BACKGROUND-COLOR:​ #​969696">​
 +        <b>
 +        <font color=black>​
 +         ​server.xml
 +         </​font>​
 +        </b>
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        ...
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        &​nbsp;&​lt;​Service name="​Catalina"&​gt;​
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​lt;​Connector port="​80"​ protocol="​HTTP/​1.1"​ maxKeepAliveRequests="​1000"​ disableUploadTimeout="​true"​ ...
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​redirectPort="​443"​ minSpareThreads="​50"​ maxThreads="​2000"​ acceptCount="​200"​ ...
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​connectionTimeout="​120000"​ address="​0.0.0.0"​ socketBuffer="​16384"​ /&gt;
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​lt;​Connector port="​443"​
 +        <span style="​color:​ #​FF0000">​
 +         ​SSLCipherSuite="​ECDHE-RSA-AES128-GCM-SHA256:​ECDHE-ECDSA-AES128-
 +         <​br/>​
 +         &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​GCM-SHA256:​ECDHE-RSA-AES256-GCM-SHA384:​ECDHE-ECDSA-AES256-GCM-SHA384:​
 +         <​br/>​
 +         &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​DHE-RSA-AES128-GCM-SHA256:​DHE-DSS-AES128-GCM-SHA256:​EDH+AESGCM:​ECDHE-
 +         <​br/>​
 +         &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​RSA-AES128-SHA256:​ECDHE-ECDSA-AES128-SHA256:​ECDHE-RSA-AES128-SHA:​ECDHE-
 +         <​br/>​
 +         &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​ECDSA-AES128-SHA:​ECDHE-RSA-AES256-SHA384:​ECDHE-ECDSA-AES256-SHA384:​ECDHE-
 +         <​br/>​
 +         &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​RSA-AES256-SHA:​ECDHE-ECDSA-AES256-SHA:​DHE-RSA-AES128-SHA256:​DHE-RSA-
 +         <​br/>​
 +         &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​AES128-SHA:​DHE-DSS-AES128-SHA256:​DHE-RSA-AES256-SHA256:​DHE-DSS-AES256-SHA:​
 +         <​br/>​
 +         &​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;&​nbsp;​DHE-RSA-AES256-SHA:​!aNULL:​!eNULL:​!EXPORT:​!DES:​!RC4:​!3DES:​!MD5:​!PSK"​
 +        protocol="​HTTP/​1.1"​ ...
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        ...
 +       </​td>​
 +      </tr>
 +      <tr>
 +       <​td style="​BORDER-LEFT:​ gray 1pt solid; BORDER-RIGHT:​ gray 1pt solid; BORDER-BOTTOM:​ gray 1pt solid; BACKGROUND-COLOR:​ #​eaeaea">​
 +        ...
 +       </​td>​
 +      </tr>
 +     </​table>​
 +    </​font></​li>​
 +    <​li><​font color=black>​
 +     Save and exit from the text editor.
 +    </​font></​li>​
 +   </​ul>​
 +   <​br/>​
 +  </​font></​li>​
 +  <​li><​font color=black>​
 +   ​Restart the AhsayCBS service.
 +  </​font></​li>​
 + </​ol>​
 +</​html>​
 +
 +
 +===== Keywords =====
 +improve, security, cert, ssl, freak, weak, cipher, ciphersuite,​ suite, key
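Review bot: In the second server.xml table the highlighted SSLCipherSuite value is wrapped with <br/> and &nbsp; padding in the middle of suite names (for example "ECDHE-ECDSA-AES128-" ends one row and "GCM-SHA256:" starts the next), so text copied from the table will not match the single-line value given in the "Update the SSLCipherSuite parameter with:" step. Break the displayed value only at ":" separators, or state that the one-line value is the one to paste. The <span style="color: #FF0000"> that opens that value is also never closed before protocol="HTTP/1.1" ..., unlike the <font color=#FF0000> ... </font> pair in the first table, so the highlight runs past the attribute. Two smaller points: the path is written ${Install-Home}\conf with a backslash although the header says "OS: All platforms", and the procedure ends at "Restart the AhsayCBS service." with no step to confirm that the port 443 connector is offering the new list.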
public/5116_faq/how_to_provide_a_higher_level_of_ssl_security_for_ahsaycbs.txt · Last modified: 2021/12/15 18:48 by anna.olalia
