相关文章推荐
小百科  ›  How do I set the security protocol and update the cipher suites used by the EUM Server?
tls aes cbc
很拉风的沙滩裤
1 年前
Click the Start a free trial link to start a 15-day SaaS trial of our product and join our community as a trial user. If you are an existing customer do not start a free trial. AppDynamics customers and established members should click the sign in button to authenticate.

Similar to the steps outlined in the Set the Security Protocol document for the Controller, you can also set the security protocol or update the existing security protocol used by the EUM Server. The document link above refers to changing these settings for the Controller. However, these can be applied when setting the JRE security protocol for the EUM Server. The location of the JRE installation and java.security file for the EUM Server is the major difference to keep in mind when following the steps for the Controller. The process is still the same.

To enable encryption keys up to 256-bit in the EUM Server, download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files within the EUM Server's embedded Java runtime.

  • Download the Unlimited Strength Jurisdiction Policy Files from the following location:
    http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

  • Stop the EUM app server.

  • Install the policy files in the JRE installed under the EUM Server's "Installation Path".

  • Start the EUM app server.

    • After restarting the EUM app server, the following cipher suites become available:

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA

    • If you want to modify the cipher suites, you can use the following steps. Please note that the example below shows how you would disable the DES cipher.

  • Download the Unlimited Strength Jurisdiction Policy Files from the following location:
    http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html .

  • Extract the contents of the downloaded policy files.

  • Stop the EUM app server.

  • Make a copy of the original JCE policy files ( US_export_policy.jar and local_policy.jar ).

  • Replace the strong policy files in EUM Server's <java-home>\lib\security directory with the unlimited strength versions extracted during Step 2.

  • From the EUM Server's <java-home>\lib\security directory, m ake a copy of the java.security file and add the line jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, DES RSA keySize < 2048 to the original file.

  • Save the changes.

  • Start the EUM app server.


    • As always, when making a change that will affect the availability and security of a production environment, we recommend testing in a development/pre-prod environment first to ensure you get the results you expect. Once verified outside of production, you can then follow the same steps in the live production environment. Precautionary measures such as backing up the original file before modification are always a good idea.

     
    推荐文章
    Link管理   ·   51好读   ·   Sov5搜索   ·   小百科
    小百科 - 百科知识指南