The set of TLS protocols and cipher suites used for backend communication (between the Spotfire Server, the Node Manager and the various services handled by the Node Manager) are configurable.
To configure the cipher suits used for backend communication modify the configuration.xml file.
See the following documentation page for more information on editing the configuration file.
Locate the section surrounded by tags <trust> and add enabled TLS protocols.
Example how trust looks after configuring the TLS protocols and cipher suites used for backend trust:
<trust> <registration-connector> <attributes /> </registration-connector> <backend-connector> <attributes /> </backend-connector> <enabled-tls-protocols> <enabled-tls-protocol>TLSv1.2</enabled-tls-protocol> <enabled-tls-protocol>TLSv1.1</enabled-tls-protocol> <enabled-tls-protocol>TLSv1</enabled-tls-protocol> </enabled-tls-protocols> <enabled-tls-cipher-suites> <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</enabled-tls-cipher-suite> <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</enabled-tls-cipher-suite> <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</enabled-tls-cipher-suite> <enabled-tls-cipher-suite>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</enabled-tls-cipher-suite> <enabled-tls-cipher-suite>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</enabled-tls-cipher-suite> </enabled-tls-cipher-suites> </trust>
Upload the edited configuration file back to the Spotfire database and restart the Spotfire Server. Disable undesired default cipher suites on Node Manager machine.
Comments
0 comments
Article is closed for comments.