RSA Admin

Disabling weak ciphers in the keystore.ini file

Discussion created by RSA Admin Employee on Feb 25, 2011
Latest reply on Mar 2, 2011 by RSA Admin

I'm prepping for a 3.7.0 upgrade to version 4.0.

We disabled weak ciphers on 3.7.0 in two places:
  • E:\nic\3700\<nodename>\conf\server.xml
  • C:\Program Files (x86)\Dell\SysMgt\iws\config\keystore.ini 

This was done by adding this value to each file:
cipher_suites = SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA

I recently got feedback that the server.xml file needs to have more properties in the cipher string, and was advised to add this: 
ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

My question is, should this longer cipher_suites property in keystore.ini also have as many values as the one in the server.xml file?   
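
An added example, not part of the original post: a Python check that reads the cipher list from each of the two files and reports where they differ, so the lists can be compared after an edit or upgrade. The sample file contents are constructed from the two values quoted above; the `<Connector>` layout, the port and the section-less `keystore.ini` format are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample files built from the two values quoted in the post.
# The <Server>/<Service>/<Connector> layout and the port are assumptions.
SERVER_XML = '''<Server><Service>
  <Connector port="8443" SSLEnabled="true"
    ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>
</Service></Server>'''
KEYSTORE_INI = "cipher_suites = SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA\n"

# Name fragments of legacy algorithms: RC4 is prohibited in TLS by RFC 7465,
# and 3DES is a 64-bit block cipher.
LEGACY = ("_RC4_", "_3DES_")

def split_suites(value):
    """Split a comma-separated suite list, tolerating spaces around names."""
    return [s.strip() for s in value.split(",") if s.strip()]

def suites_from_server_xml(text):
    """Collect suites from every element that carries a ciphers attribute."""
    found = []
    for elem in ET.fromstring(text).iter():
        if "ciphers" in elem.attrib:
            found.extend(split_suites(elem.attrib["ciphers"]))
    return found

def suites_from_ini(text):
    """Read the cipher_suites key; the file may have no [section] headers."""
    for line in text.splitlines():
        m = re.match(r"\s*cipher_suites\s*=\s*(.*)$", line)
        if m:
            return split_suites(m.group(1))
    return []

def compare(xml_text, ini_text):
    """Report suites present in only one file, plus any legacy suites."""
    x, i = suites_from_server_xml(xml_text), suites_from_ini(ini_text)
    return {
        "only_in_server_xml": [s for s in x if s not in i],
        "only_in_keystore_ini": [s for s in i if s not in x],
        "legacy": sorted({s for s in x + i if any(m in s for m in LEGACY)}),
    }

if __name__ == "__main__":
    for key, value in compare(SERVER_XML, KEYSTORE_INI).items():
        print(key, value)
```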
