How to: exclude some ciphers of your choice
- Stop EveryonePrint Web service (and/or Gateway service)
- Make a backup copy of the XML files before editing
- Edit the config files as needed
- For the main Server: jetty-ssl.xml and jetty-ssl-terminalapi.xml in directory .../etc
  <Set name="ExcludeCipherSuites">
    <Array type="java.lang.String">
      <Item>SSL_RSA_WITH_RC4_128_MD5</Item>
      <Item>SSL_RSA_WITH_RC4_128_SHA</Item>
      <Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
      <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
      <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
      <Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
    </Array>
  </Set>
- For the Mobile Gateway: defaults.xml in directory .../etc
  <entry key="ExcludedCipherSuites">SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</entry>
Add the relevant ciphers you would like to exclude.
Note: use the RFC cipher name as per this table: https://testssl.sh/openssl-rfc.mappping.html
OpenSSL name | RFC name |
ECDHE-RSA-DES-CBC3-SHA | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
ADH-DES-CBC3-SHA | TLS_DH_anon_WITH_3DES_EDE_CBC_SHA |
AECDH-DES-CBC3-SHA | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA |
- Restart the services