Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Columbus Signals Image Artist
Downloads
Downloads
Community
Support Forums Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

How to disable weak cipher suites which are used to encrypt the traffic between the Web player client and the Spotfire server.

Rich Talbot
  • Updated
Date Posted:
Product: TIBCO Spotfire®

Problem:

How to disable weak cipher suites which are used to encrypt the traffic between the Web player client and the Spotfire server.


Solution:

This article describes how to disable weak cipher suites e.g. DES based cipher suites which are used to encrypt the traffic between the Web player client and the Spotfire server. You can remove the ciphers in the ciphers list which you do not wish to use.
In Spotfire server installation directory, go to path \\spotfire_server_install_dir\tss\X.X\tomcat\conf. Here server.xml defines any https connector used by the Spotfire server.

If you want  to disable weak cipher suites e.g. DES based cipher suites, you can remove DES based ciphers in server.xml file from ciphers section in htpps connector section mention below:
-----------------------------------------------
<Connector port="443"
               maxHttpHeaderSize="16384"
               connectionTimeout="30000"
               enableLookups="false"
               URIEncoding="UTF-8"
               disableUploadTimeout="true"
               server="TIBCO Spotfire Server"
               compression="on"
               compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,image/svg+xml,application/xml,application/octet-stream"
               acceptorThreadCount="2"
               keepAliveTimeout="30000"
               maxKeepAliveRequests="-1"
               maxThreads="2000"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               keystoreFile="./certs/najimtss01.jks"
               keystorePass="changeit"
               keystoreType="jks"
               keyAlias="najimtss01"
               truststoreFile="./certs/najimtss01.jks"
               truststorePass="changeit"
               truststoreType="jks"
               clientAuth="false"
               sslProtocol="TLS"
               sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
               useServerCipherSuitesOrder="true"
               ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA" />
-----------------------------------------------

From above  ciphers section, you can remove below DES based ciphers to disable weak ciphers suites:

TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA https://docs.tibco.com/pub/spotfire_server/7.10.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-58E436B3-A057-431C-B65C-92FCE34AB224.html

Related articles