Hi,

I'm trying to disable SSL3 and weak ciphers on Access Manager 3.0.4 (yes,
I know it's ancient, but that's what I have).

My connector looks like this in server.xml on the Linux AG:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true"
sslProtocol="TLSv1.2"
sslEnabledProtocols="SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2"
ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA">
<Factory
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" />
</Connector>

But according to the scan on ssllabs.com, SSL3 is still an option. The
only documentation I found on Novell's site is for AM 3.2 and up. Any
idea how to do this? One thing I don't quite understand is why the port for
this connector is 8443 even though my site uses 443 for SSL. Is AM
doing some sort of redirection?


--
jeynon
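
Added example (not part of the post above, and not Novell/NetIQ code): a small Python audit of a Connector element that lists which entries in sslEnabledProtocols and ciphers are legacy protocols or weak suites, rejoining names broken across wrapped lines. The sample connector is constructed from the attribute names in the post; the check reads only what the file requests, not what the listener on 443 actually negotiates.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed Connector using the attribute names from the post.
SAMPLE = """<Connector port="8443" scheme="https" secure="true"
  sslEnabledProtocols="SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2"
  ciphers="SSL_RSA_WITH_RC4_128_MD5, TLS_RSA
_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_KRB5_WITH_RC4_128_SHA"/>"""

# Protocol names (JSSE spelling) that a hardened listener should not enable.
LEGACY_PROTOCOLS = {
    "SSLv2Hello": "accepts SSLv2-format ClientHello",
    "SSLv3": "SSL 3.0, deprecated by RFC 7568",
    "TLSv1": "TLS 1.0, deprecated by RFC 8996",
    "TLSv1.1": "TLS 1.1, deprecated by RFC 8996",
}
# Substring of a cipher suite name -> reason the suite is flagged.
WEAK_CIPHER_PARTS = {
    "_RC4_": "RC4 (prohibited by RFC 7465)",
    "_3DES_": "3DES, 64-bit block (Sweet32)",
    "_MD5": "MD5 MAC",
    "_NULL_": "no encryption",
    "_EXPORT_": "export-grade key size",
}

def split_list(value):
    """Split a comma-separated attribute, rejoining names broken by line wraps."""
    return [re.sub(r"\s+", "", item) for item in value.split(",") if item.strip()]

def audit_connector(xml_text):
    """Return (kind, name, reason) tuples for legacy protocols and weak suites."""
    root = ET.fromstring(xml_text)
    conn = root if root.tag == "Connector" else root.find(".//Connector")
    if conn is None:
        raise ValueError("no <Connector> element found")
    findings = []
    for proto in split_list(conn.get("sslEnabledProtocols", "")):
        if proto in LEGACY_PROTOCOLS:
            findings.append(("protocol", proto, LEGACY_PROTOCOLS[proto]))
    for suite in split_list(conn.get("ciphers", "")):
        reasons = [why for part, why in WEAK_CIPHER_PARTS.items() if part in suite]
        if reasons:
            findings.append(("cipher", suite, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for kind, name, reason in audit_connector(SAMPLE):
        print(f"{kind:8} {name:32} {reason}")
```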