LoadRunner Enterprise Tips & Information

VTS secure cipher suites configuration for TLS 1.2 & 1.3

Pascal Calovini

1 Likes

over 1 year ago

Hi guys,

when you have to offer VTS over HTTPS, you have to define some configrations in configuration.json file.

BUT: there is a TLS padding oracle vulnerability in some cipher suites with ECDHE-RSA-AES256-SHA

Securiy Scan resulted: GOLDENDOODLE vulnerability found with ECDHE-RSA-AES256-SHA on TLSv1.2

So I've had to figure out, how to configure the value in "ciphers" besides "ALL" which is the only description in the onine help.

To get you out of trouble I share my knowledge with you, which works and is adaptable for future use.

"useSSL": true,
        "certificate": "PATH_TO_VALID_CERTIFICATE.pem",
        "privateKey": "PATH_TO_PRIVATE_KEY-FILE.key",
        "passphrase": "PRIVTAE_SECUREKEY",
        "ca": "vts.cer",
        "minVersion": "TLSv1.2",
        "maxVersion": "TLSv1.3",
        "ciphers": "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA",
        "requestClientCert": false

Tags:

cipher suites

TLS

configuration

SSL

customer stories

VTS

TLS1.2

Labels:

Customer Stories

How To-Best Practice

Support Tip

Comment List

Recommended

Menu

LoadRunner Enterprise Tips & Information

VTS secure cipher suites configuration for TLS 1.2 & 1.3

Tags:

Labels:

Resources