|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
|Issue||In some situations the RC4 cipher used by the Authentication Manager web tier needs to be replaced with a different cipher suite because of vulnerabilities affecting the RC4 cipher (e.g., CVE-2013-2566). The article below provides steps to complete that task.|
|Resolution||The workaround below can be applied to select a cipher other than RC4.
1. Log in to the web tier server and navigate to <INSTALL DIR>\server\config. For example, C:\Program Files\RSA Security\RSA Authentication Manager\Webtier\server\config.
2. Take a backup of the config.xml file.
3. Open the config.xml file and look for the line below:
4. Choose another cipher suite and replace the value. You can find more information about available weak ciphers in WebLogic application servers here. If, for example, you want to use AES256-SHA, modify the line as shown below:
5. Restart the RSA web tier service.
|Notes||Note that this solution will need to be applied each time the web tier server is upgraded.|
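Because the change has to be reapplied after every web tier upgrade, it helps to have a check that reports whether config.xml names an RC4 cipher suite again. The script below is an added example, not part of the RSA article or product: it scans the file line by line without relying on any element name, and backs the file up (step 2) when RC4 is found. The script name check_rc4.py, the sample fragments and their placeholder element name are constructed for illustration.

```python
import re
import shutil
import sys
import time
from pathlib import Path

# RC4 (or its alias ARCFOUR) as a whole token inside a cipher suite name,
# e.g. TLS_RSA_WITH_RC4_128_SHA or RC4-SHA; "_" and "-" count as separators.
RC4_TOKEN = re.compile(r"(?<![A-Za-z0-9])(?:RC4|ARCFOUR)(?![A-Za-z0-9])", re.I)

# Constructed samples. The element name is a placeholder, not the real
# config.xml element; the scan below does not depend on element names.
SAMPLE_BEFORE = """<ssl>
  <placeholder-cipher-element>TLS_RSA_WITH_RC4_128_SHA</placeholder-cipher-element>
</ssl>"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("TLS_RSA_WITH_RC4_128_SHA", "AES256-SHA")


def backup_config(config_path):
    """Step 2: copy config.xml to a timestamped sibling before editing."""
    src = Path(config_path)
    dst = src.with_name(f"{src.name}.{time.strftime('%Y%m%d-%H%M%S')}.bak")
    shutil.copy2(src, dst)
    return dst


def find_rc4_lines(config_text):
    """Return (line_number, stripped_line) for each line that names RC4."""
    return [(n, line.strip())
            for n, line in enumerate(config_text.splitlines(), start=1)
            if RC4_TOKEN.search(line)]


def main(argv):
    if len(argv) != 2:
        print("usage: check_rc4.py <path to config.xml>")
        return 2
    path = Path(argv[1])
    hits = find_rc4_lines(path.read_text(encoding="utf-8", errors="replace"))
    if not hits:
        print("OK: no RC4 cipher suite named in", path)
        return 0
    print("Backup written to", backup_config(path))
    for n, line in hits:
        print(f"RC4 found at line {n}: {line}")
    return 1  # non-zero so a scheduled job or upgrade checklist can alert


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against config.xml after each upgrade and again after step 5; an exit status of 1 means the workaround needs to be reapplied.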