Return
-
Title
How to disable SSL v3 and enforce TLS 1.2 for HTTPS connections on the FMS -
Description
How to disable SSL v3 and enforce TLS 1.2 for HTTPS connections on the Foglight Management Server -
Resolution
For Foglight 5.7.1+Modify the following file in the Foglight Management Server (FMS) Host<FMS home>/server/tomcat/server.xmlEditsslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" bindOnInit="false"tosslProtocol="TLS" sslEnabledProtocols="TLSv1.2" bindOnInit="false"
Note: Changes should not be needed on Foglight 5.9.8+ installations as above changes are already the defaults.For Foglight 5.6.xModify the two files listed below:<FMS Home>/server/default/deploy/jboss-web.deployer/server_full.xmland<FMS Home>/server/default/deploy/jboss-web.deployer/server_https.xmlThen remove the attribute sslProtocol and add the attribute sslProtocols as follows (confirm spelling, leave other elements and attributes as is):<Connector ... sslProtocols="TLSv1, TLSv1.1, TLSv1.2,SSLv2Hello" ... />The cipher list can be adjusted as you seem fit, for exampleciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA"