How to disable SSLv3 and RC4 ciphers in eHealth web server
Article ID: 93234
Security scans reveal use of unsupported protocols for the environment. Specifically the SSLv3 and RC4 Ciphers.
They must be disabled, or the server will be shut down and locked out of the network due to the potential security vulnerabilities the working protocol presents.
All supported eHealth releases
Use -strongCipher option with the nhWebProtocol command.
nhWebProtocol -mode https -hostname <serverHostName> -port <WebServerPort> -strongCipher
If not using SSL, set the -mode to http.
Replace <serverHostName> with the servers real host name.
Replace <WebServerPort> with the web servers port.
This will trigger a re-write of the $NH_HOME/web/httpd/httpd.tpl file. Within we should see protocols disabled after having a leading exclamation point (!) character added to the protocol entry.
It should look something like this in the httpd.pl file:
Support recommends a web server services restart after this change, though it isn't a required step.