Administrator posted
over 10 years ago
AdminBest Answer
Solution:
Edit server.xml which is available in <eG installed directory>\eGurkha\manager\tomcat\conf, add the following attributes in the tomcat SSL connector definition
The below attributes has a dependency with the java used for the eG Manager. Hence we have listed the possible attributes based on the java version. You can pick the attributes based on the java version. But it is recommend to use the java 1.7 for the eG Manager which supports TLSv1.2 which is to be considered more secure one. This change requires manager restart.
for eG Managers with jdk 1.6 => sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1"
for eG Managers withjdk 1. 7 => sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
Edit server.xml which is available in <eG installed directory>\eGurkha\manager\tomcat\conf, add the following attributes in the tomcat SSL connector definition
The below attributes has a dependency with the java used for the eG Manager. Hence we have listed the possible attributes based on the java version. You can pick the attributes based on the java version. But it is recommend to use the java 1.7 for the eG Manager which supports TLSv1.2 which is to be considered more secure one. This change requires manager restart.
for eG Managers with jdk 1.6 => sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1"
for eG Managers withjdk 1. 7 => sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
How to enable TLS in SSL enabled eG Manager?
0 Votes
Administrator posted over 10 years ago Admin Best Answer
Solution:
Edit server.xml which is available in <eG installed directory>\eGurkha\manager\tomcat\conf, add the following attributes in the tomcat SSL connector definition
The below attributes has a dependency with the java used for the eG Manager. Hence we have listed the possible attributes based on the java version. You can pick the attributes based on the java version. But it is recommend to use the java 1.7 for the eG Manager which supports TLSv1.2 which is to be considered more secure one. This change requires manager restart.
for eG Managers with jdk 1.6 => sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1"
for eG Managers with jdk 1. 7 => sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
Sample entry from Server.xml
<Connector port="443" server="eG Tomcat Server" keystorePass="eginnovations" keystoreFile="webapps/eGmanager.bin" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" sslEnabledProtocols="TLSv1" sslProtocol="TLS" clientAuth="false" secure="true" scheme="https" SSLEnabled="true" compressableMimeType="text/html,text/xml,text/plain,application/x-java-applet,application/octet-stream,application/xml,text/javascript,text/css,image/png,image/jpeg,image/gif,application/pdf,application/x-javascript,application/javascript,application/json,application/x-shockwave-flash,application/xhtml+xml,application/xml+xhtml" noCompressionUserAgents="gozilla, traviata" compressionMinSize="1024" compression="on" tcpNoDelay="true" URIEncoding="UTF-8" useURIValidationHack="false" connectionTimeout="20000" acceptCount="10" enableLookups="false" maxThreads="512" minSpareThreads="64" protocol="HTTP/1.1"/>
0 Votes
1 Comments
Administrator posted over 10 years ago Admin Answer
Solution:
Edit server.xml which is available in <eG installed directory>\eGurkha\manager\tomcat\conf, add the following attributes in the tomcat SSL connector definition
The below attributes has a dependency with the java used for the eG Manager. Hence we have listed the possible attributes based on the java version. You can pick the attributes based on the java version. But it is recommend to use the java 1.7 for the eG Manager which supports TLSv1.2 which is to be considered more secure one. This change requires manager restart.
for eG Managers with jdk 1.6 => sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1"
for eG Managers with jdk 1. 7 => sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
Sample entry from Server.xml
<Connector port="443" server="eG Tomcat Server" keystorePass="eginnovations" keystoreFile="webapps/eGmanager.bin" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" sslEnabledProtocols="TLSv1" sslProtocol="TLS" clientAuth="false" secure="true" scheme="https" SSLEnabled="true" compressableMimeType="text/html,text/xml,text/plain,application/x-java-applet,application/octet-stream,application/xml,text/javascript,text/css,image/png,image/jpeg,image/gif,application/pdf,application/x-javascript,application/javascript,application/json,application/x-shockwave-flash,application/xhtml+xml,application/xml+xhtml" noCompressionUserAgents="gozilla, traviata" compressionMinSize="1024" compression="on" tcpNoDelay="true" URIEncoding="UTF-8" useURIValidationHack="false" connectionTimeout="20000" acceptCount="10" enableLookups="false" maxThreads="512" minSpareThreads="64" protocol="HTTP/1.1"/>
0 Votes
Login to post a comment