Guidelines for Allowed ciphers and Named groups
Article ID: 442265
Updated On:
Products
Issue/Introduction
As per our guidelines, there are a list of allowed ciphers and named groups that we need to use.
Vantage Web Client here is already update to use TLS1.3. However I don't see the ciphersuite listed in the server.xml. Is there a requirement to specify the ciphersuite?
Secondly, we need to use named groups as per our firm. What is the option to specify named groups and where is to be specified?
Resolution
The cipher can be specified inside the Connector tag of server.xml file, right after protocol, like this:
protocols="+TLSv1.3" ciphers="TLS_AKE_WITH_AES_128_GCM_SHA256,TLS_AKE_WITH_AES_256_GCM_SHA384"
About the named groups, to be specified in the VANWEBUI started task proc, something like this.
IJO="$IJO -Djdk.tls.namedGroups=group1,group2,group3"
If there are more named groups then these can be split into multiple lines. The line continuation character "\" needs be on or before line 72 and should NOT be after line 72.
The named tags should be specified after this statement
IJO="$IJO -Djava.awt.headless=true"
Feedback
