000031570 - How to disable RC4 cipher on the Authentication Manager 8.1 webtier

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.

Article Content

Article Number: 000031570
Applies To: RSA Product Set:  SecurID

RSA Product/Service Type:  Authentication Manager

RSA Version/Condition:  8.1
Issue: In some situations the RC4 cipher suite used by the Authentication Manager web tier needs to be replaced with a different cipher suite, because of known weaknesses in RC4 (e.g., CVE-2013-2566). This article provides the steps to complete that task.
Resolution: The workaround below can be applied to select a cipher suite other than RC4.
 
1. Log in to the web tier server and navigate to <INSTALL DIR>\server\config.  For example, C:\Program Files\RSA Security\RSA Authentication Manager\Webtier\server\config.

2. Take a backup of the config.xml file.
3. Open the config.xml file and look for the line below:

<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>

4. Choose another cipher suite and replace the value.  The name must be an exact JSSE cipher suite name that the web tier's Java runtime supports; more information about weak ciphers in WebLogic application servers is available in the WebLogic documentation linked from the original article.  If, for example, you want to use AES256-SHA, modify the line as shown below.  Note that TLS_RSA_WITH_AES_256_CBC_SHA removes RC4 but still uses static RSA key exchange, so it provides no forward secrecy; if the runtime offers an ECDHE suite, that is the stronger choice.


<ciphersuite>TLS_RSA_WITH_AES_256_CBC_SHA</ciphersuite>


5. Restart the RSA web tier service.
Notes: This change must be reapplied each time the web tier server is upgraded.
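The following script is an added example, not part of the RSA article or the product, that automates steps 2 through 4 above: it backs up config.xml, locates the single <ciphersuite> element the article shows, refuses to write a replacement suite that is itself weak (RC4, export, NULL, anonymous, single DES or MD5), and rewrites the value. The Windows install path is the one quoted in the article; the SAMPLE_CONFIG fragment is constructed for illustration and is not a real config.xml. Step 5, restarting the RSA web tier service, is still done by hand.

```python
"""Replace the RC4 cipher suite in an Authentication Manager 8.1 web tier config.xml."""
import re
import shutil
import sys
from datetime import datetime
from pathlib import Path

# Default install path quoted in the article; pass another path as argv[1] if needed.
DEFAULT_CONFIG = Path(
    r"C:\Program Files\RSA Security\RSA Authentication Manager\Webtier\server\config\config.xml"
)

# Assumption: config.xml holds exactly one <ciphersuite> element, as the article shows.
CIPHERSUITE_RE = re.compile(r"<ciphersuite>\s*([A-Za-z0-9_]+)\s*</ciphersuite>")


def is_weak(suite: str) -> bool:
    """Reject suites a practitioner should never select as the replacement."""
    weak_markers = ("RC4", "EXPORT", "NULL", "anon", "_DES_", "MD5")
    return any(marker in suite for marker in weak_markers)


def replace_ciphersuite(xml_text: str, new_suite: str):
    """Return (updated_xml, old_suite); raise ValueError rather than guess."""
    if is_weak(new_suite):
        raise ValueError(f"refusing to configure weak cipher suite {new_suite}")
    match = CIPHERSUITE_RE.search(xml_text)
    if match is None:
        raise ValueError("no <ciphersuite> element found in config.xml")
    if CIPHERSUITE_RE.search(xml_text, match.end()) is not None:
        raise ValueError("more than one <ciphersuite> element; edit the file by hand")
    old_suite = match.group(1)
    updated = (
        xml_text[: match.start()]
        + f"<ciphersuite>{new_suite}</ciphersuite>"
        + xml_text[match.end():]
    )
    return updated, old_suite


def update_config(path: Path, new_suite: str) -> str:
    """Back up config.xml (step 2) and rewrite the element (steps 3-4); return the old suite."""
    original = path.read_text(encoding="utf-8")
    updated, old_suite = replace_ciphersuite(original, new_suite)
    stamp = datetime.now().strftime("%Y%m%d-%H%M%S")
    shutil.copy2(path, path.with_name(f"config.xml.{stamp}.bak"))
    path.write_text(updated, encoding="utf-8")
    return old_suite


# Constructed sample that mirrors the line quoted in the article; not a real config.xml.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<webtier>
  <ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
</webtier>
"""

if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else DEFAULT_CONFIG
    suite = sys.argv[2] if len(sys.argv) > 2 else "TLS_RSA_WITH_AES_256_CBC_SHA"
    previous = update_config(target, suite)
    print(f"{target}: {previous} -> {suite}; now restart the RSA web tier service")
```

After the restart, an added check that is not in the article: `openssl s_client -connect <webtier-host>:443 -cipher RC4-SHA` (RC4-SHA is OpenSSL's name for TLS_RSA_WITH_RC4_128_SHA) should now fail the handshake, while the same command with `-cipher AES256-SHA` should succeed.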
