Disabling Cipher suites in CA API Developer Portal 4.2.x

book

Article ID: 130784

calendar_today

Updated On:

Products

CA API Developer Portal CA API Gateway

Issue/Introduction



How can we see and adjust what cipher suites are available with CA API Developer Portal 4.2.x ?

Environment

Release: APIXSN99000-4.3-API Developer Portal-Enhanced Experience-non-production
Component:

Resolution

Please have a look at 
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-2/install-configure-and-upgrade/create-and-sign-certificates-for-production.html

If you run our 'update-dispatcher.sh' util script to use the CA signed certificate as described on the mentioned page, then it's automatically overwriting cipher suites to the following cipher suites for the dispatcher service of the external(newly provisioned) tenant: 

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; 


If you want to restrict this to other cipher suites, you would need to adjust that script accordingly and rerun the script.

Additional Information

The 'update-dispatcher.sh' util script is available in 4.2.5.1 and later.