Skip to main content
AdoboAdobo
AdoboAdobo
Participant
March 9, 2018
Question

Where to specify? SSL Protocol and Cipher Suite

  • March 9, 2018
  • 1 reply
  • 949 views

Please assist in determining the correct place to specify preferred SSL Protocol and Cipher Suite for AMS?

Example:

sslProtocol="TLSv1.2"

cipher-suite="TLS_ECDHE_RSA_WITH_AES256_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"

This topic has been closed for replies.

1 reply

S
Adobe Employee
sanjeev_pandey27
Adobe Employee
March 12, 2018

Hi there,

What is the requirement to specify a certain version for SSL?

For Cipher suite please see Server.xml (Line 111) under <ams installation root folder>\conf\ and in Adaptor.xml (Line 254) under <ams installation root folder>\conf\_defaultRoot_.

Regards

Sanjeev

AdoboAdobo
AdoboAdoboAuthor
Participant
March 12, 2018

TLSv1.2 is the advised SSL Protocol version our Security Team requires us to implement (Is it possible to specify this?). In regards to the Cipher Suite, I see that the format in adaptor and server XML files uses the following:

Would it still function the same way if I use the following format:

cipher-suite="TLS_ECDHE_RSA_WITH_AES256_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"

Thanks

S
Adobe Employee
sanjeev_pandey27
Adobe Employee
March 13, 2018

Hi,

Choosing cipher suite is a browser consideration. As far as AMS is concerned it supports all cipher suites, since we are almost always on latest version of openssl.

check the ciphers supported by the browser using this link : SSL Cipher Suites Supported By Your Browser

About the format, here is an example on how you can use additional attribute for ciphers -

<SSLCipherSuite>

EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA

</SSLCipherSuite>

Note: AMS does not support SSLv2 or V3 anymore. So, any ciphers which rely on SSLv3 and SSLv2 would not be considered in server-client handshake.

Regards

Sanjeev

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices