cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to configure Flexnet Operations v12.11 to support only TLS communication?

How to configure Flexnet Operations v12.11 to support only TLS communication?

Summary

This article shows how to disable weak deciphers (including SSLv2/SSLv3) and only allow TLS to avoid security vulnerabilities.

Question

How to configure Flexnet Operations to support only TLS communication?

Answer

1. Locate the "Connector" section from the following server.xml file:
< ops_install_dir>\site\server\server\flexnet\deploy\jboss-web.deployer\server.xml

2. Ensure that the change is made in the "Connector" section that says "SSLEnabled=true":
===
<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" server="FNO Server"
scheme="https" secure="true" clientAuth="false"
keystoreFile="C:\FNO_TEAM_INSTALLS\FNO_WHITEHAT\site\bin\keystore.jks"
keystorePass="${flexnet.ssl.keystore.password}" sslProtocol = "TLS"
allowTrace="false" useBodyEncodingForURI="true"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
/>
===

3. Restart FNO server:
> flexnet stop
> flexnet start

Note 1: refer to the following on how to disable week ciphers on application servers:
===
FlexNetOperations_Installation.pdf ->
Configuring FlexNet Operations After Installation ->
Configuring FlexNet Operations for Secure Socket Layer ->
Configuring Secure Socket Layer in FlexNet Operations to Disable Weak Ciphers
===

Note 2: the order of cipher suites does not decide on the priority of those communication protocols;
they just indicate what protocols the application server supports (and communication using protocols
that are not listed in "ciphers" will get rejected).
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Oct 19, 2018 09:04 PM
Updated by: