How do I disable SSLv3 on my Discovery Manager and Agents?

Summary

This technote discusses how to disable SSLv3 on the Discovery Manager and Agent servers.

Step through the following procedures to disable SSLv3:

Discovery Manager (Premises version only)

  1. Stop the Discovery Manager service.

  2. Open the following server.xml file in a text editor:

<Discovery Manager installation directory>\tomcat\conf\server.xml

  3. Locate the Connector element in the server.xml file.

  4. Add the following attribute before the closing tag of the Connector element:

sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"

The Connector element will now look something like this:

<Connector port="27535" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="../data/tomcat.keystore" keystorePass="changeit" clientAuth="false" sslProtocol="TLS" maxPostSize="10485760"
ciphers="TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_KRB5_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA,
TLS_KRB5_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_KRB5_WITH_IDEA_CBC_SHA,SSL_RSA_WITH_IDEA_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA"
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" />

  5. Save and close the server.xml file.

  6. Start the Discovery Manager service.

Discovery Agent

  1. Stop the Discovery Agent service.

  2. Open the following server.xml file in a text editor:

<Discovery Agent installation directory>\tomcat\conf\server.xml

  3. Locate the Connector element in the server.xml file.

  4. Add the following attribute before the closing tag of the Connector element:

sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"

The Connector element will now look something like this:

<Connector port="27534" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="../data/tomcat.keystore" keystorePass="changeit" clientAuth="false" sslProtocol="TLS"
ciphers="TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_KRB5_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA,
TLS_KRB5_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_KRB5_WITH_IDEA_CBC_SHA,SSL_RSA_WITH_IDEA_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA"
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" />

  5. Save and close the server.xml file.

  6. Start the Discovery Agent service.
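
To confirm the edit in both the Discovery Manager and Discovery Agent files, the following added example (not part of the original technote or of Entrust's tooling) parses a server.xml and reports, for each TLS-enabled Connector, whether sslEnabledProtocols is present and whether SSLv3 is listed. The sample XML is constructed and trimmed down, and audit_connectors and its finding strings are names chosen for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: trimmed-down Connector elements modelled on the
# technote (port taken from the page; ciphers and keystore attributes omitted).
BEFORE = """<Server><Service name="Catalina">
  <Connector port="27535" scheme="https" secure="true" SSLEnabled="true"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

AFTER = """<Server><Service name="Catalina">
  <Connector port="27535" scheme="https" secure="true" SSLEnabled="true"
             clientAuth="false" sslProtocol="TLS"
             sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" />
</Service></Server>"""


def audit_connectors(server_xml_text):
    """Return (port, finding) pairs for every TLS-enabled Connector.

    finding is "ok", "missing sslEnabledProtocols", or "SSLv3 listed".
    """
    findings = []
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not a TLS connector, out of scope for this check
        port = conn.get("port", "?")
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            # No explicit list: the protocol set is left to defaults.
            findings.append((port, "missing sslEnabledProtocols"))
            continue
        # Exact-name comparison, so "SSLv2Hello" is not mistaken for SSLv3.
        protocols = {p.strip().lower() for p in raw.split(",") if p.strip()}
        if "sslv3" in protocols:
            findings.append((port, "SSLv3 listed"))
        else:
            findings.append((port, "ok"))
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for port, finding in audit_connectors(text):
            print(f"{label}: port {port}: {finding}")
```

To check a real installation, read the contents of the server.xml file named in step 2 and pass the text to audit_connectors.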

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as a UITF toll free call.

Country: Number

Australia: 0011 - 800-3687-7863; 1-800-767-513
Austria: 00 - 800-3687-7863
Belgium: 00 - 800-3687-7863
Denmark: 00 - 800-3687-7863
Finland: 990 - 800-3687-7863 (Telecom Finland); 00 - 800-3687-7863 (Finnet)
France: 00 - 800-3687-7863
Germany: 00 - 800-3687-7863
Hong Kong: 001 - 800-3687-7863 (Voice); 002 - 800-3687-7863 (Fax)
Ireland: 00 - 800-3687-7863
Israel: 014 - 800-3687-7863
Italy: 00 - 800-3687-7863
Japan: 001 - 800-3687-7863 (KDD); 004 - 800-3687-7863 (ITJ); 0061 - 800-3687-7863 (IDC)
Korea: 001 - 800-3687-7863 (Korea Telecom); 002 - 800-3687-7863 (Dacom)
Malaysia: 00 - 800-3687-7863
Netherlands: 00 - 800-3687-7863
New Zealand: 00 - 800-3687-7863; 0800-4413101
Norway: 00 - 800-3687-7863
Singapore: 001 - 800-3687-7863
Spain: 00 - 800-3687-7863
Sweden: 00 - 800-3687-7863 (Telia); 00 - 800-3687-7863 (Tele2)
Switzerland: 00 - 800-3687-7863
Taiwan: 00 - 800-3687-7863
United Kingdom: 00 - 800-3687-7863; 0800 121 6078; +44 (0) 118 953 3088