public:5116_faq:how_to_provide_a_higher_level_of_ssl_security_for_ahsaycbs [2018/01/12 14:02] edward.chan |
public:5116_faq:how_to_provide_a_higher_level_of_ssl_security_for_ahsaycbs [2021/04/30 16:22] edward.chan |
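--- a/public:5116_faq:how_to_provide_a_higher_level_of_ssl_security_for_ahsaycbs
+++ b/public:5116_faq:how_to_provide_a_higher_level_of_ssl_security_for_ahsaycbs
@@ -0,0 +1,188 @@
+===== FAQ: How to provide a higher level of SSL security for AhsayCBS =====
+<html>
+<b>
+Article ID:
+</b>
+5116
+<br/>
+<b>
+Reviewed:
+</b>
+13/11/2017
+<br/>
+<br/>
+<b>
+Product Version:
+</b>
+<br/>
+AhsayCBS: 7.3 or above
+<br/>
+OS: All platforms
+</html>
+
+
+===== Description =====
+This article provides instruction on how to provide a higher level of SSL security for AhsayCBS.
+
+
+===== Steps =====
+<html>
+To disable all weak cipher suite on AhsayCBS:
+<br/>
+<ol>
+<li><font color=black>
+Edit the server.xml file found under ${Install-Home}\conf
+<br/>
+<br/>
+<ul>
+<li><font color=black>
+Open 'server.xml' with a text editor:
+<br/>
+<br/>
+<table border="0" cellpadding="0" cellspacing="0" width="850">
+<tr>
+<td align="center" style="BORDER-TOP: gray 1pt solid; BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BORDER-BOTTOM: gray 1pt solid; BACKGROUND-COLOR: #969696">
+<b>
+<font color=black>
+server.xml
+</font>
+</b>
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+...
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+ <Service name="Catalina">
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+            <Connector port="80" protocol="HTTP/1.1" maxKeepAliveRequests="1000" disableUploadTimeout="true" ...
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+                redirectPort="443" minSpareThreads="50" maxThreads="2000" acceptCount="200" ...
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+                connectionTimeout="120000" address="0.0.0.0" socketBuffer="16384" />
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+            <Connector port="443"
+<font color=#FF0000>
+SSLCipherSuite="HIGH:!aNULL:!MD5"
+</font>
+protocol="HTTP/1.1" ...
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+...
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BORDER-BOTTOM: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+...
+</td>
+</tr>
+</table>
+</font></li>
+<li><font color=black>
+Update the SSLCipherSuite parameter with:
+<br/>
+<br/>
+<i>SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:EDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"</i>
+<br/>
+<br/>
+<table border="0" cellpadding="0" cellspacing="0" width="850">
+<tr>
+<td align="center" style="BORDER-TOP: gray 1pt solid; BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BORDER-BOTTOM: gray 1pt solid; BACKGROUND-COLOR: #969696">
+<b>
+<font color=black>
+server.xml
+</font>
+</b>
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+...
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+ <Service name="Catalina">
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+            <Connector port="80" protocol="HTTP/1.1" maxKeepAliveRequests="1000" disableUploadTimeout="true" ...
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+            redirectPort="443" minSpareThreads="50" maxThreads="2000" acceptCount="200" ...
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+                connectionTimeout="120000" address="0.0.0.0" socketBuffer="16384" />
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+                <Connector port="443"
+<span style="color: #FF0000">
+SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-
+<br/>
+                GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
+<br/>
+                DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:EDH+AESGCM:ECDHE-
+<br/>
+                RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-
+<br/>
+                ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-
+<br/>
+                RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-
+<br/>
+                AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:
+<br/>
+                DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
+protocol="HTTP/1.1" ...
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+...
+</td>
+</tr>
+<tr>
+<td style="BORDER-LEFT: gray 1pt solid; BORDER-RIGHT: gray 1pt solid; BORDER-BOTTOM: gray 1pt solid; BACKGROUND-COLOR: #eaeaea">
+...
+</td>
+</tr>
+</table>
+</font></li>
+<li><font color=black>
+Save and exit from the text editor.
+</font></li>
+</ul>
+<br/>
+</font></li>
+<li><font color=black>
+Restart the AhsayCBS service.
+</font></li>
+</ol>
+</html>
+
+
+===== Keywords =====
+improve, security, cert, ssl, freak, weak, cipher, ciphersuite, suite, key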
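Review bot: The wrapped `server.xml` example for the port 443 Connector breaks the `SSLCipherSuite` value in the middle of cipher names (`ECDHE-ECDSA-AES128-` then `GCM-SHA256`, `ECDHE-` then `RSA-AES128-SHA256`), so anyone who copies from the box rather than from the single-line value above it ends up with whitespace inside the names and, presumably, a different effective suite set than the article intends. Break the display only after a `:` separator, or add a sentence such as `Enter the SSLCipherSuite value on a single line with no spaces.` The list also still admits CBC-mode SHA-1 suites (for example `ECDHE-RSA-AES128-SHA`) and `DHE-DSS` suites, and the steps never mention protocol versions, which this cipher string does not settle by itself; the article should say whether those are kept on purpose for older backup clients. A closing step that has the administrator confirm which suites the server offers after the restart would let them check that the edit took effect.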