Layer7 API Management

Expand all | Collapse all

Configure cluster wide default TLS Cipher Suites on the gateway

Jump to Best Answer
  • 1.  Configure cluster wide default TLS Cipher Suites on the gateway

    Posted 01-11-2018 09:41 AM

    How do I configure cluster wide default TLS Cipher Suites on the gateway to apply across all transport protocols supported by the gateway. I know this can be done on a Listen Port for incoming traffic and Route Via assertion for outbound communications with downstream application servers. Rather than configuring in every Listen Port and Route Via assertion and override current default ciphers, I would like to configure system wide default TLS ciphers and automatically reflect in Listen Ports and Route Via assertions, then override those defaults on case by case when needed.



  • 2.  Re: Configure cluster wide default TLS Cipher Suites on the gateway
    Best Answer

    Broadcom Employee
    Posted 01-14-2018 10:15 PM

    Dear vchintala ,

    You can try the java options:

    -Dhttps.cipherSuites

    for example, modify /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties

    add one line or modify the line,

    node.java.opts = -Dhttps.cipherSuites=SSL_RSA_WITH_RC4_128_MD5,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

     

    restart gateway to take effect.

     

    Regards,

    Mark