SSL configurations are carried out at the JVM level for Ambience/Repertoire 202x.
-
Edit /conf/security/java.security file of the Java installation to prevent the Elixir Ambience/Repertoire Server from using weak ciphers.
-
Search for ‘jdk.tls.disabledAlgorithms=’ in /conf/security/java.security
-
Revise 'jdk.tls.disabledAlgorithms= ’ to include the required ciphers, e.g.
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, 3DES_EDE_CBC, CBC, TLS_RSA_*, CCM, CCM_8, MD5withRSA, SHA1, DH keySize < 2048, EC keySize < 224, anon, NULL, ECDH -
Run ‘java -XshowSettings:security -version 2>&1’ at the command line to verify the list of disabled algorithms printed towards the end of the stack.