GCM ciphers should be enabled especially because of their efficiency. Major websites, notably those under Google, use them. The following two ciphers are supported by all major browsers:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Note that GCM ciphers are supported only on JDK-8 at the time of writing.
Follow these steps to enable them:
1. open FAS configuration file at <FAS>/domain/configuration/fas.properties
2. find the following lines
'openssl.cipher.suites='
3. append to the end the ciphers so that it reads
openssl.cipher.suites=SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Restart FAS, go to the CSDK sample page or your webapp and verify your browser is now using one of them.
Comments
0 comments
Please sign in to leave a comment.