Layer7 API Management

  • 1.  Configure cluster wide default TLS Cipher Suites on the gateway

    Posted Jan 11, 2018 09:41 AM

    How do I configure cluster-wide default TLS cipher suites on the gateway so that they apply across all transport protocols supported by the gateway? I know this can be done on a Listen Port for incoming traffic and on a Route Via assertion for outbound communications with downstream application servers. Rather than configuring every Listen Port and Route Via assertion to override the current default ciphers, I would like to configure system-wide default TLS ciphers that are automatically reflected in Listen Ports and Route Via assertions, and then override those defaults on a case-by-case basis when needed.



  • 2.  Re: Configure cluster wide default TLS Cipher Suites on the gateway
    Best Answer

    Broadcom Employee
    Posted Jan 14, 2018 10:15 PM

    Dear vchintala,

    You can try the Java option:

    -Dhttps.cipherSuites

    For example, modify /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties

    Add one line, or modify the existing line:

    node.java.opts = -Dhttps.cipherSuites=SSL_RSA_WITH_RC4_128_MD5,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

    Restart the gateway for the change to take effect.

    Regards,

    Mark
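
An added example, not part of the original posts or the product's own tooling: a Python check that reads the node.java.opts line from node.properties content, extracts the -Dhttps.cipherSuites list and flags suites built on algorithms such as RC4 or MD5, so the list can be reviewed before the gateway is restarted. The function names, the marker list and the sample content are assumptions constructed for illustration.

```python
import shlex

# Substrings that mark a suite as unsuitable for TLS today (assumed review
# policy for this example; RC4 is prohibited in TLS by RFC 7465).
WEAK_MARKERS = ("_RC4_", "_MD5", "_DES_", "_3DES_", "_NULL_", "_EXPORT_", "_anon_")


def java_opts(properties_text):
    """Return the value of node.java.opts; the last occurrence wins."""
    value = ""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, rest = line.partition("=")
        if key.strip() == "node.java.opts":
            value = rest.strip()
    return value


def cipher_suites(opts):
    """Extract the suite names from -Dhttps.cipherSuites=... in a JVM option string."""
    suites = []
    for token in shlex.split(opts):
        if token.startswith("-Dhttps.cipherSuites="):
            listed = token.split("=", 1)[1]
            suites = [s.strip() for s in listed.split(",") if s.strip()]
    return suites


def audit(properties_text):
    """Map each configured suite to the weak algorithms found in its name."""
    report = {}
    for suite in cipher_suites(java_opts(properties_text)):
        report[suite] = [m.strip("_") for m in WEAK_MARKERS if m in suite]
    return report


# Constructed sample: the node.properties line quoted in the answer above.
SAMPLE = """\
# constructed sample node.properties content
node.java.opts = -Dhttps.cipherSuites=SSL_RSA_WITH_RC4_128_MD5,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
"""

if __name__ == "__main__":
    for suite, problems in audit(SAMPLE).items():
        print(suite, "WEAK: " + ", ".join(problems) if problems else "ok")
```

To check a real node, pass the contents of node.properties to `audit()` in place of `SAMPLE`.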