SiteMinder AdminUI JBoss


Article ID: 140393


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction

 

We're trying to configure the AdminUI for SSL to restrict communication to
the TLS protocol only and our Security team reports that the SSLv3
protocol can still be used.

How can we check that?

We've configured the JBoss server.xml this way:

  <Connector SSLEnabled="true" SSLProtocol="TLSv1.2"
  URIEncoding="UTF-8" acceptCount="100"
  ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
  TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384"

  [...]

 

Cause


We run the following command and it shows that the AdminUI on port 8443 is
negotiating the TLSv1 protocol:


   # openssl s_client -connect adminui_ip:8443 -crlf

   [...]

   New, TLSv1.1, Cipher is TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

   [...]


So the configuration is working as expected.



Environment


  AdminUI 12.52SP1CR09 on Windows 2008 R2


Resolution


Check with the security team to understand how they see the SSLv3
protocol still being in use.
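
A single s_client run only shows the one protocol that was negotiated, so to compare notes with the security team it helps to offer each protocol version separately and record whether the AdminUI accepts it. The script below is an added example, not part of the original article: the function names are this example's own, the host:port is passed as the first argument (adminui_ip:8443 on this page), and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): test one protocol per run.

# Reads `openssl s_client` output on stdin and prints one of:
#   accepted <protocol> <cipher>   handshake completed
#   rejected                       server refused this protocol
#   untested                       no handshake result (unknown flag, no connection)
classify_handshake() {
    awk '
        { sub(/\r$/, "") }
        /^New, .*Cipher is / { cipher = $NF }
        /^ *Protocol *:/     { proto = $NF }
        END {
            if (cipher == "")            print "untested"
            else if (cipher == "(NONE)") print "rejected"
            else print "accepted", (proto == "" ? "unknown" : proto), cipher
        }'
}

# probe HOST:PORT FLAG: one handshake restricted to the protocol FLAG selects.
probe() {
    openssl s_client -connect "$1" "$2" </dev/null 2>&1 | classify_handshake
}

# check_all HOST:PORT: -ssl3 yields "untested" when the local OpenSSL build
# has no SSLv3 support, which is not evidence that the server refuses it.
check_all() {
    for flag in -ssl3 -tls1 -tls1_1 -tls1_2; do
        printf '%-8s %s\n' "$flag" "$(probe "$1" "$flag")"
    done
}

# Constructed sample output, used when no HOST:PORT argument is given.
SAMPLE_OK='New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Protocol  : TLSv1.2'
SAMPLE_REFUSED='New, (NONE), Cipher is (NONE)
    Protocol  : SSLv3
    Cipher    : 0000'

if [ -n "${1:-}" ]; then
    check_all "$1"
else
    printf '%s\n' "$SAMPLE_OK" | classify_handshake
    printf '%s\n' "$SAMPLE_REFUSED" | classify_handshake
fi
```

An "untested" result for -ssl3 means the probe has to be repeated from a client that still supports SSLv3, which may be exactly what the security team's scanner does.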