Pamela Harrod

(OO) Support Tip: How to disable weak ciphers for OO version 9.07?

How to disable weak ciphers for OO version 9.07?

SSL ciphers are configured in Jetty. Weak ciphers can be disabled in the Jetty configuration file (%iconclude_home%\central\conf\jetty.xml).
Note: the excluded list should use the Java cipher names, not the OpenSSL names.

Additionally, please note that in the line that sets "ExcludeCipherSuites", the uppercase "E" in "Exclude" may need to be lowercase instead ("excludeCipherSuites"). If the uppercase "E" does not work, please try the lowercase "e" instead.

Please see the following URLs for additional information:
- http://wiki.eclipse.org/Jetty/Howto/CipherSuites
- http://www.openssl.org/docs/apps/ciphers.html

Please try the following:
Modify jetty.xml in each instance (Central and, if needed, RAS).
1. Stop the OO services rscentral and rsjras.
2. Edit the Central file %iconclude_home%\central\conf\jetty.xml and search for this section:

<!-- HTTPS_SECTION_BEGIN -->
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.security.SslSelectChannelConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="Acceptors">25</Set>
      <Set name="AcceptQueueSize">1000</Set>
      <Set name="Keystore"><SystemProperty name="jetty.home" default="." />/../Central/conf/rc_keystore</Set>
      <Set name="Password">OBF:1j1o1lmn1hv41lti1950194q1lqg1hse1lj31iz6</Set>
      <Set name="KeyPassword">OBF:1j1o1lmn1hv41lti1950194q1lqg1hse1lj31iz6</Set>

3. Add this section, modified for the ciphers needed:

      <!-- You can disable cipher suites in the following section. Only supported cipher suites should be listed in this section. -->
      <Set name="ExcludeCipherSuites">
        <Array type="java.lang.String">
          <Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item>
          <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
          <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
          <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
          <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
          <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
          <Item>TLS_DHE_RSA_WITH_DES_CBC_SHA</Item>
          <Item>TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
          <Item>TLS_RSA_WITH_DES_CBC_SHA</Item>
          <Item>TLS_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
          <Item>TLS_RSA_EXPORT_WITH_RC4_40_MD5</Item>
        </Array>
      </Set>

4. Save file and restart services.

Please see the knowledge document at https://softwaresupport.hp.com/km/KM02003788
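
Because the exclusion list must use Java cipher names and the setter name may be spelled with either case, the edited file is worth checking before the services are restarted. The following Python lint is an added example, not part of the original tip or of OO; the function name, the naming heuristic, and the sample fragment (which contains two deliberate mistakes) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Heuristic (assumption): Java suite names start with SSL_ or TLS_ and use
# underscores; OpenSSL names such as DES-CBC3-SHA or EXP-RC4-MD5 use hyphens.
JAVA_NAME = re.compile(r"^(SSL|TLS)_[A-Z0-9]+(_[A-Z0-9]+)*$")

# Constructed sample in the style of the jetty.xml connector shown above,
# with an OpenSSL-style name and a duplicate entry planted in it.
SAMPLE = """
<New class="org.mortbay.jetty.security.SslSelectChannelConnector">
  <Set name="Port">8443</Set>
  <Set name="ExcludeCipherSuites">
    <Array type="java.lang.String">
      <Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item>
      <Item>EXP-RC4-MD5</Item>
      <Item>TLS_RSA_WITH_DES_CBC_SHA</Item>
      <Item>TLS_RSA_WITH_DES_CBC_SHA</Item>
    </Array>
  </Set>
</New>
"""

def lint_excluded_suites(xml_text):
    """Return (setter_name, accepted_names, problems) for a connector fragment."""
    root = ET.fromstring(xml_text)
    setter, accepted, problems = None, [], []
    for node in root.iter("Set"):
        # Accept both spellings mentioned in the tip (upper- or lowercase "e").
        if node.get("name", "").lower() != "excludeciphersuites":
            continue
        setter = node.get("name")
        for item in node.iter("Item"):
            name = (item.text or "").strip()
            if not JAVA_NAME.match(name):
                problems.append((name, "not a Java-style name (OpenSSL name?)"))
            elif name in accepted:
                problems.append((name, "duplicate entry"))
            else:
                accepted.append(name)
    if setter is None:
        problems.append(("", "no cipher exclusion setter found"))
    return setter, accepted, problems

if __name__ == "__main__":
    setter, accepted, problems = lint_excluded_suites(SAMPLE)
    print("setter:", setter, "| accepted:", len(accepted))
    for name, why in problems:
        print("PROBLEM:", repr(name), "-", why)
```

To check a real file, pass the text of jetty.xml to lint_excluded_suites in place of SAMPLE.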
