I'm prepping for an 3.7.0 upgrade to version 4.0.
We disabled weak ciphers on 3.7.0 in two places:
- C:\Program Files (x86)\Dell\SysMgt\iws\config\keystore.ini
This was done by adding this value to each file:cipher_suites = SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA
I recently got feedback that the server.xml file needs to have more properties in the cipher string, and was advised to add this:
ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
My question is, should this longer cipher_suites property in keystore.ini also have as many values as the one in the server.xml file?