(OO) Support Tip: How to disable weak ciphers for OO version 9.07?

How to disable weak ciphers for OO version 9.07?

SSL ciphers are configured in jetty. This issue can be fixed by disabling the ciphers in the jetty configuration file (%iconclude_home%\central\conf\jetty.xml).
** Please note that the excluded list should use the Java cipher names not OpenSSL names.

Additionally, please note that in the line that the uppercase e in exclude may need to be lowercase instead ("excludeCipherSuites"). If the uppercase e does not work, please try with the lowercase e instead.

Please see the following URLs for additional information:
- http://wiki.eclipse.org/Jetty/Howto/CipherSuites
- http://www.openssl.org/docs/apps/ciphers.html

Please try the following:
Modify jetty.xml in each instance(Central and if needed RAS).
1. Stop OO services rscentral and rsjras.
2. Edit Central %iconclude_home%\central\conf\jetty.xml
search for this section:

<!-- HTTPS_SECTION_BEGIN -->

<Call name="addConnector">

<Arg>

<New class="org.mortbay.jetty.security.SslSelectChannelConnector">

<Set name="Port">8443</Set>

<Set name="maxIdleTime">30000</Set>

<Set name="Acceptors">25</Set>

<Set name="AcceptQueueSize">1000</Set>

<Set name="Keystore"><SystemProperty name="jetty.home" default="." />/../Central/conf/rc_keystore</Set>

<Set name="Password">OBF:1j1o1lmn1hv41lti1950194q1lqg1hse1lj31iz6</Set>

<Set name="KeyPassword">OBF:1j1o1lmn1hv41lti1950194q1lqg1hse1lj31iz6</Set>

3. Add this section modified for the Ciphers needed:

<!--you can disable cipher suites in the following section. Only supported cipher suites should be listed in this section. -->

<Set name="ExcludeCipherSuites">

<Array type="java.lang.String">

<Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item>

<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>

<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>

<Item>SSL_RSA_WITH_DES_CBC_SHA</Item> <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>

<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>

<Item>TLS_DHE_RSA_WITH_DES_CBC_SHA</Item> <Item>TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>

<Item>TLS_RSA_WITH_DES_CBC_SHA</Item>

<Item>TLS_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>

<Item>TLS_RSA_EXPORT_WITH_RC4_40_MD5</Item>

</Array>

</Set>

4. Save file and restart services.

Please see the knowledge document at https://softwaresupport.hp.com/km/KM02003788

Tags: