This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- FlexNet Operations
- :
- FlexNet Operations Knowledge Base
- :
- How to configure Flexnet Operations v12.11 to support only TLS communication?
Subscribe
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
How to configure Flexnet Operations v12.11 to support only TLS communication?
How to configure Flexnet Operations v12.11 to support only TLS communication?
Summary
This article shows how to disable weak deciphers (including SSLv2/SSLv3) and only allow TLS to avoid security vulnerabilities.Question
How to configure Flexnet Operations to support only TLS communication?Answer
1. Locate the "Connector" section from the following server.xml file:< ops_install_dir>\site\server\server\flexnet\deploy\jboss-web.deployer\server.xml
2. Ensure that the change is made in the "Connector" section that says "SSLEnabled=true":
===
<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" server="FNO Server"
scheme="https" secure="true" clientAuth="false"
keystoreFile="C:\FNO_TEAM_INSTALLS\FNO_WHITEHAT\site\bin\keystore.jks"
keystorePass="${flexnet.ssl.keystore.password}" sslProtocol = "TLS"
allowTrace="false" useBodyEncodingForURI="true"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA"/>
===
3. Restart FNO server:
> flexnet stop
> flexnet start
Note 1: refer to the following on how to disable week ciphers on application servers:
===
FlexNetOperations_Installation.pdf ->
Configuring FlexNet Operations After Installation ->
Configuring FlexNet Operations for Secure Socket Layer ->
Configuring Secure Socket Layer in FlexNet Operations to Disable Weak Ciphers
===
Note 2: the order of cipher suites does not decide on the priority of those communication protocols;
they just indicate what protocols the application server supports (and communication using protocols
that are not listed in "ciphers" will get rejected).
No ratings