Previously,  via arcotcommon.ini one could not specify a granular combination of Protocol/Cipher Suites  to use for SSL connection. In the "ssl/config" section of file arcotcomm.ini  one could only specify  high level SSL protocols like such:

[ssl/config]

sslContextAlgorithm=TLS

Now, via arcotcommon.ini one can specify a granular combination of Protocol/Cipher Suites to use for SSL connection.  Refer to the configuration below:

--- Risk Auth Server

  RiskAuthSupportedProtocols - List of supported protocols(tlsv1,tlsv1.1,tlsv1.2 - lowercase only) for RiskAuth Server

  RiskAuthCipherSuites - List of supported cipher suites with names as mentioned in document ( https://www.openssl.org/docs/man1.0.2/man1/ciphers.html ) for RiskAuth Server

  Ex:

  [ssl/config]

  RiskAuthSupportedProtocols=tlsv1.2

  RiskAuthCipherSuites=ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256

  The above example makes RiskAuthentication server to communicate only on tlsv1.2 protocol with ECDHE-ECDSA-AES256-GCM-SHA384  and ECDHE-ECDSA-AES128-GCM-SHA256 CipherSuites.

  --- Strong Auth Server

  StrongAuthSupportedProtocols - List of supported protocols(tlsv1,tlsv1.1,tlsv1.2 - lowercase only) for StrongAuth Server

  StrongAuthCipherSuites - List of supported cipher suites with names as mentioned in document ( https://www.openssl.org/docs/man1.0.2/man1/ciphers.html ) for RiskAuth Server

  Ex:

  [ssl/config]

  StrongAuthSupportedProtocols=tlsv1.2

  StrongAuthCipherSuites=ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256

Release: 9.x 

Component: CA Strong Authentication and CA Risk Authentication

A restart of the following components is required for the configuration discussed above to take effect. Please restart the following Advanced Authentication servers (Advanced Authentication is being used interchangeably with CA Strong/Risk Authentication. 

1. arcotuds. 

2. arcotadmin

3. arcotwebfort

4. arcotriskfort