DX Application Performance Management

 View Only
  • 1.  Need "webview jetty config" help....ASAP!!!

    Posted Mar 23, 2016 12:07 PM

    On WebView install v10.1 will I need to add the following lines to the “webview-jetty-config.xml” file?

     

    <!-- This is for LogJam Vulnerability and also for BAE Systems

    for C&A efforts to address SSL Cipher Vulnerabilities

    -->

    <Set name="cipherSuites">

    <Array type="java.lang.String">

    <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>

    <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>

    <Item>TLS_EMPTY_RENEGOTIATION_INFO_SCSV</Item>

    </Array>

    </Set>

     

    Because it already has the following entries…

     

    <!-- List of accepted protocols. You can add or remove any individual protocols (under <Item>) but do not comment out the whole set as EM start up will fail -->

    <!-- SSLv2Hello can be added for compatibility purpose when using SUN/Oracle JVM-->

    <!-- SSLv2Hello is not an accepted protocol for IBM JVM. Use SSL instead of SSLv2Hello if using IBM JVM -->

    <!-- IBM JVM  also provides the following protocols which can be added below: SSL_TLSv2, SSL_TLS, SSL -->

    <Set name="protocols">

    <Array type="java.lang.String">

    <Item>TLSv1.2</Item>

    <Item>TLSv1.1</Item>

    <Item>TLSv1</Item>

    </Array>

      </Set>

     

    KulbirNijjer Hiko_Davis Guenter_Grossberger Keith.W Viruvaibhav_apm nkarthik Fred.K whibr08 Richard_Little



  • 2.  Re: Need "webview jetty config" help....ASAP!!!

    Broadcom Employee
    Posted Mar 23, 2016 05:26 PM

    You can just add as a separate set element block i.e.

    <Set name="protocols">

              <Array type="java.lang.String">

                <Item>TLSv1.2</Item>

                <Item>TLSv1.1</Item>

                <Item>TLSv1</Item>           

              </Array>

    </Set>

    <Set name="cipherSuites">

              <Array type="java.lang.String">

                  <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>

                  <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>

                  <Item>TLS_EMPTY_RENEGOTIATION_INFO_SCSV</Item>

              </Array>

    </Set>



  • 3.  Re: Need "webview jetty config" help....ASAP!!!

    Posted Mar 23, 2016 05:30 PM

    I will make that change in the file and test it out. Hopefully let you know by the end of the week.

     

    Thanks Lynn_Williams



  • 4.  Re: Need "webview jetty config" help....ASAP!!!
    Best Answer

    Broadcom Employee
    Posted Mar 23, 2016 05:36 PM

    Actually this was needed in 10.0 but it should not be needed in 10.1 :

    how to fix logjam vulnerability in introscope?



  • 5.  Re: Need "webview jetty config" help....ASAP!!!

    Posted Mar 23, 2016 05:47 PM

    Lynn_Williams

    Ok, so looks like I will not be needing the "cipherSuites" entry in 10.1 "webview-jetty-config.xml" file. The link you provided mentions this KB article written by Hallett_German which mentions details.

     

    Thanks everyone for helping.

     

    Cheers

    Manish