Product: TIBCO Spotfire Server
Versions: 10.0 and Higher
Summary:
How to configure TLS protocols and cipher suites used for backend trust in Spotfire Server 10.0
Details:
The set of TLS protocols and cipher suites used for backend communication (between the Spotfire Server, the Node Manager, and the various services handled by the Node Manager) was hard-coded in versions prior to 10.0. In Spotfire Server 10.0 those values are configurable. In addition, in Spotfire Server 10.1 the defaults for TLS protocols and cipher suites have changed.
Resolution:
To configure the cipher suites used for backend communication, modify the configuration.xml file. See the documentation page for more information on editing the configuration file. Locate the section enclosed in <trust> tags and add the enabled TLS protocols.
Example of the <trust> section after configuring the TLS protocols and cipher suites used for backend trust:
<trust>
  <registration-connector>
    <attributes />
  </registration-connector>
  <backend-connector>
    <attributes />
  </backend-connector>
  <enabled-tls-protocols>
    <enabled-tls-protocol>TLSv1.2</enabled-tls-protocol>
    <enabled-tls-protocol>TLSv1.1</enabled-tls-protocol>
    <enabled-tls-protocol>TLSv1</enabled-tls-protocol>
  </enabled-tls-protocols>
  <enabled-tls-cipher-suites>
    <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</enabled-tls-cipher-suite>
    <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</enabled-tls-cipher-suite>
    <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</enabled-tls-cipher-suite>
    <enabled-tls-cipher-suite>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</enabled-tls-cipher-suite>
    <enabled-tls-cipher-suite>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</enabled-tls-cipher-suite>
  </enabled-tls-cipher-suites>
</trust>
Upload the edited configuration file back to the Spotfire database and restart the Spotfire Server. Disable undesired default cipher suites on the Node Manager machine.
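A pre-upload check for the edited file, as an added example that is not part of the original article or of TIBCO's tooling: it lists what the <trust> section enables and flags legacy entries. Run it with the path of the edited configuration.xml, or with no argument to use the embedded sample. Assumptions: the file uses no XML namespace, the <configuration> root in the sample is a placeholder, and the policy (TLS 1.0/1.1 deprecated by RFC 8996, CBC-mode suites treated as legacy) is this example's own.

```python
# Added example: audit the <trust> section of an exported configuration.xml.
import sys
import xml.etree.ElementTree as ET

# Assumed policy, not from the Spotfire documentation: TLS 1.0 and 1.1 are
# deprecated by RFC 8996, and CBC-mode suites are treated as legacy.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample; the <configuration> wrapper is a placeholder root.
SAMPLE = """<configuration>
  <trust>
    <enabled-tls-protocols>
      <enabled-tls-protocol>TLSv1.2</enabled-tls-protocol>
      <enabled-tls-protocol>TLSv1</enabled-tls-protocol>
    </enabled-tls-protocols>
    <enabled-tls-cipher-suites>
      <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</enabled-tls-cipher-suite>
      <enabled-tls-cipher-suite>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</enabled-tls-cipher-suite>
    </enabled-tls-cipher-suites>
  </trust>
</configuration>"""


def audit_trust(xml_text):
    """Return (protocols, suites, findings) for the first <trust> element."""
    root = ET.fromstring(xml_text)
    trust = root if root.tag == "trust" else root.find(".//trust")
    if trust is None:
        raise ValueError("no <trust> section found")
    protocols = [t for e in trust.iter("enabled-tls-protocol") if (t := (e.text or "").strip())]
    suites = [t for e in trust.iter("enabled-tls-cipher-suite") if (t := (e.text or "").strip())]
    findings = []
    if not protocols:
        findings.append("no enabled-tls-protocol entries in <trust>")
    if not suites:
        findings.append("no enabled-tls-cipher-suite entries in <trust>")
    findings += [f"legacy protocol enabled: {p}" for p in protocols if p in LEGACY_PROTOCOLS]
    findings += [f"CBC-mode suite enabled: {s}" for s in suites if "_CBC_" in s]
    return protocols, suites, findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    protocols, suites, findings = audit_trust(text)
    print("protocols:", ", ".join(protocols))
    print("cipher suites:", len(suites))
    for finding in findings:
        print("FINDING:", finding)
    sys.exit(1 if findings else 0)
```

The script exits non-zero when it reports a finding, so it can gate the upload step in a deployment script.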