Foglight Security - Restricting Ciphers used for Foglight Console access. (4299675)

How to restrict ciphers used for Foglight Tomcat Server?

Certain security protocols require certain ciphers to only be used.

For FMS 5.7.1 and higher, reference KB 87085

Workaround for 5.6.11 FMS and earlier:

1. Log into the Foglight Command Console
2. Navigate to the \server\default\deploy\jboss-web.deployer
3. Edit both files:
   
   server_https.xml
   server_full.xml
4. Search for the ciphers in the " compression="on" ciphers=" section
   a. Remove the unneeded ciphers
5. Restart the 'foglight' service.

Note: It is recommended to make a copy of the server_http.xml file and the server_fulll.xml prior to editing the file

The following ciphers have been tested and are compliant to a standard environment

SSLv3 128 bits AES128-SHA
SSLv3 128 bits DHE-RSA-AES128-SHA
SSLv3 128 bits RC4-MD5
SSLv3 128 bits RC4-SHA
SSLv3 168 bits DES-CBC3-SHA
SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
TLSv1 128 bits AES128-SHA
TLSv1 128 bits DHE-RSA-AES128-SHA
TLSv1 128 bits RC4-MD5
TLSv1 128 bits RC4-SHA
TLSv1 168 bits DES-CBC3-SHA
TLSv1 168 bits EDH-RSA-DES-CBC3-SHA

It is possible that higher encryption can be used, but this is based per environment.