Below are the steps to add or remove ciphers in NCM:
- Log into the Application Server via CLI
- Set home variable by doing the following:
source /etc/voyence.conf
- Navigate to $VOYENCE_HOME/ncmcore/conf
- You will find the server.xml file here
- Create a backup of the server.xml file before making any changes so you can restore it at any time
- Open server.xml in the vi editor: vi server.xml
- Enter vi insert mode by pressing "i"
- Navigate to the tag below in the server.xml file:
<!-- <Connector port="8880" maxHttpHeaderSize="8192" maxThreads="100" minSpareThreads="5" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true" protocol="org.apache.coyote.http11.Http11NioProtocol"
keystoreFile="/opt/smarts-ncm/conf/voyence-ssl.keystore"
clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true" keystorePass="change management"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5"/> -->
- Uncomment the Connector tag by removing the opening "<!--" and closing "-->" markers. (Note: You will find two <Connector port="8880"> tags in server.xml. One is uncommented by default (it sits below the line <Executor maxThreads="300" minSpareThreads="50" name="tomcatThreadPool" namePrefix="tomcat-http--"/>). You will have to uncomment the tag above that one.)
- Add or remove ciphers in the ciphers="" attribute above (refer to the EMC Smarts Network Configuration Manager Security Configuration Guide for the list of supported ciphers for the customer's NCM version)
- To save changes, press the ESC key and type :wq!
- Restart vcmaster service to apply changes:
service vcmaster restart
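A check that can be run on the edited file before the restart, as an added example that is not part of the original procedure or of NCM: it parses server.xml, reports only the active (uncommented) Connector entries on port 8880, and flags cipher suites and protocols commonly treated as weak. The function name, the marker lists and the sample XML are assumptions made for illustration; the supported cipher list for a given NCM version still comes from the Security Configuration Guide.

```python
import xml.etree.ElementTree as ET

# Assumed policy lists for this example; adjust to your own baseline.
WEAK_MARKERS = ("RC4", "MD5", "3DES", "_DES_", "NULL", "EXPORT", "anon")
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def split_list(value):
    """Split a comma-separated attribute value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_connectors(xml_text, port="8880"):
    """Return one finding per active Connector on `port`.

    Raises xml.etree.ElementTree.ParseError when the edited file is not
    well-formed, e.g. a "<!--" was removed without its closing "-->".
    """
    root = ET.fromstring(xml_text)  # commented-out Connectors are skipped
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("port") != port:
            continue
        ciphers = split_list(conn.get("ciphers", ""))
        protocols = split_list(conn.get("sslEnabledProtocols", ""))
        findings.append({
            "ssl_enabled": conn.get("SSLEnabled", "false").lower() == "true",
            "ciphers": ciphers,
            "weak_ciphers": [c for c in ciphers
                             if any(m in c for m in WEAK_MARKERS)],
            "legacy_protocols": [p for p in protocols if p in LEGACY_PROTOCOLS],
        })
    return findings


# Constructed sample: a minimal server.xml with one commented-out and one
# active Connector on 8880 (placeholder values, not a real NCM file).
SAMPLE = """<Server>
  <Service name="Catalina">
    <!-- <Connector port="8880" SSLEnabled="true" ciphers="PLACEHOLDER_COMMENTED_OUT"/> -->
    <Connector port="8880" scheme="https" secure="true" SSLEnabled="true"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE):
        print(finding)
```

To audit the real file, pass the contents of $VOYENCE_HOME/ncmcore/conf/server.xml to audit_connectors() instead of SAMPLE.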
To verify the cipher used by the browser after the changes are made:
1. Open the Mozilla Firefox browser
2. Navigate to the URL https://<AS IP>:8880
3. You will receive an insecure connection error displayed on the browser screen
4. Click Advanced
5. Click Add Exception
6. You will see the Apache Tomcat homepage
7. Right-click on empty space. Select "View Page Info"
8. Go to the Security tab
9. Under the "Technical Details" section you will find the cipher that is used by the browser after the changes were applied in the server.xml file