How to change ciphers in CA Release Automation

Article ID: 110917


Products

CA Release Automation - Release Operations Center (Nolio)
CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

The PCI scan reported the following for the secure Management Server (ROC):

List of medium strength SSL ciphers supported by the remote server :

  Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

    EDH-RSA-DES-CBC3-SHA     Kx=DH    Au=RSA  Enc=3DES-CBC(168)  Mac=SHA1
    ECDHE-RSA-DES-CBC3-SHA   Kx=ECDH  Au=RSA  Enc=3DES-CBC(168)  Mac=SHA1
    DES-CBC3-SHA             Kx=RSA   Au=RSA  Enc=3DES-CBC(168)  Mac=SHA1

For security reasons, the ciphers need to be changed to meet high security standards. This document lists the steps to configure this.

Environment

CA Release Automation: 6.2 and higher

Resolution

Add the cipher list and SSL protocol setting shown below to the Connector in server.xml; the product will then start using the appropriate ciphers.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           compression="on"
           compressionMinSize="102400"
           compressableMimeType="application/x-java-serialized-object"
           SSLEnabled="true"
           maxThreads="150"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslEnabledProtocols="TLSv1.2"
           keyAlias="nolioserver"
           keystoreFile="conf/nolio.jks"
           keystorePass="********************"
           maxSwallowSize="-1"
           server="Unknown"
           ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_RSA_WITH_AES_128_GCM_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_RSA_WITH_AES_256_CBC_SHA256,
                    TLS_RSA_WITH_AES_256_GCM_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384">
</Connector>
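
To confirm the edit before the next PCI scan, the Connector can be checked offline for any remaining 3DES suite or legacy protocol. The script below is an added example, not part of the original article or the product; the function name audit_connectors, the extra weak-cipher patterns and both sample connectors are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# "3DES_EDE" matches the JSSE names of the suites in the scan finding (OpenSSL:
# DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA). The other
# patterns are a broader assumption of this example, not taken from the article.
WEAK = re.compile(r"3DES_EDE|_DES_|_RC4_|_NULL_|_EXPORT_|_anon_")
OK_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

def _items(value):
    """Split a comma-separated attribute that may span several lines."""
    return [s.strip() for s in value.split(",") if s.strip()]

def audit_connectors(server_xml):
    """Return a list of findings for every SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors carry no TLS settings
        port = conn.get("port", "?")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            findings.append(f"{port}: no ciphers attribute, defaults apply")
        else:
            findings += [f"{port}: weak cipher {c}"
                         for c in _items(ciphers) if WEAK.search(c)]
        protocols = conn.get("sslEnabledProtocols")
        if protocols is None:
            findings.append(f"{port}: no sslEnabledProtocols attribute")
        else:
            findings += [f"{port}: legacy protocol {p}"
                         for p in _items(protocols) if p not in OK_PROTOCOLS]
    return findings

# Constructed sample: a connector that still lists a 3DES suite and TLSv1.
BEFORE = """<Server><Service><Connector port="8443" SSLEnabled="true"
  sslEnabledProtocols="TLSv1,TLSv1.2"
  ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,
           TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/></Service></Server>"""
# Constructed sample: the article's settings, with the cipher list shortened.
AFTER = """<Server><Service><Connector port="8443" SSLEnabled="true"
  sslEnabledProtocols="TLSv1.2"
  ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,
           TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/></Service></Server>"""

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_connectors(doc) or "no findings")
```

An empty result means no 3DES suite or pre-TLSv1.2 protocol is listed in server.xml; a rescan of the running server is still needed to confirm what it actually negotiates.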