Introduction
You might want to modify the ciphers used in the SSL exchange in Live Assist's products. To do so you'll need to edit the fas.properties file, make the necessary changes and then restart FAS.
Example 1 - removing ciphers
Here's an example of removing a weak, ephemeral Diffie-Hellman public key
1. Make a back up of your fas.properties file
cd /opt/cafex/FAS-2.1*/domain/configuration
cp fas.properties fas.bak-<date>
2. Edit fas.properties and remove the weak encryption ciphers
vi fas.properties and make the following changes to the jsse cipher suites:
Before:
jsse.cipher.suites=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
After:
jsse.cipher.suites=SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
3. Restart FAS from the command line
# service fas restart
Example 2 - adding ciphers
Here's an example of adding GCM ciphers ( GCM ciphers are supported only on JDK-8 at the time of writing.)
1. Make a back up of your fas.properties file
cd /opt/cafex/FAS-2.1*/domain/configuration
cp fas.properties fas.bak-<date>
2. Edit fas.properties and add the new encryption ciphers by append ingto the end the ciphers so that it reads
openssl.cipher.suites=SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
3. Restart FAS from the command line
# service fas restart
If you have any queries contact Customer Support
Comments
0 comments
Please sign in to leave a comment.