When CA Process Automation components are installed on Java virtual machines, JVMs such as Java 6 allow Medium and Weak ciphers in communications with agents. To secure these communications, add strong cipher values to the Oasis.Config properties file in the following directory:
install_dir\server/c2o\config\
The following properties relate to ciphers used in SSL communication:
Specifies a comma-separated list of ciphers to use for SSL communication between the Domain Orchestrator and clients such as browsers and web services. The cipher list can vary by the operating system and JVM that are on the host. The following example shows a typical specification of strong JBoss ciphers:
jboss.ssl.ciphers=SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
Specifies a comma-separated list of ciphers to use for SSL communication with agents. The product adds this property to agents during silent installation. The following example shows a typical specification of Jetty ciphers:
jetty.ssl.ciphers=SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA
Copyright © 2014 CA.
All rights reserved.
|
|