VISULOX GATEWAY - Java component
The following list is from February 2022 for VISULOX PORTAL 3.4 and should be checked for updates.
Cipher suites on VISULOX GATEWAYS:
/opt/SUNWsgdg/etc/ciphersuites.xml
<ciphersuites>
<useCipherSuitesOrder>true</useCipherSuitesOrder>
<cipher>TLS_AES_256_GCM_SHA384</cipher>
<cipher>TLS_AES_128_GCM_SHA256</cipher>
<cipher>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</cipher>
<cipher>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</cipher>
<cipher>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</cipher>
<cipher>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</cipher>
<cipher>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</cipher>
<cipher>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</cipher>
<cipher>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</cipher>
<cipher>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</cipher>
</ciphersuites>
VISULOX GATEWAY - Disabling older TLS versions
Adjust /opt/SUNWsgdg/java/default/lib/security/java.security:
jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1, SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
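The following added example, which is not part of the VISULOX documentation or product, audits the two files above: it buckets each suite in ciphersuites.xml by key exchange and cipher mode, and lists baseline protocols that jdk.tls.disabledAlgorithms does not disable. The sample inputs are constructed (the java.security excerpt deliberately omits TLSv1), and the function names, bucket labels and REQUIRED_DISABLED baseline are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the two files shown above.
CIPHERSUITES_XML = """<ciphersuites>
<useCipherSuitesOrder>true</useCipherSuitesOrder>
<cipher>TLS_AES_256_GCM_SHA384</cipher>
<cipher>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</cipher>
<cipher>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</cipher>
</ciphersuites>"""
JAVA_SECURITY = r"""# jdk.tls.disabledAlgorithms=MD5 (commented-out line, must be ignored)
jdk.tls.disabledAlgorithms=TLSv1.1, SSLv3, RC4, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC
"""
REQUIRED_DISABLED = {"SSLv3", "TLSv1", "TLSv1.1"}  # assumption: audit baseline

def classify(suite):
    """Bucket an IANA suite name by key exchange and cipher mode."""
    if re.match(r"TLS_(AES|CHACHA20)_", suite):
        return "tls1.3-aead"  # TLS 1.3 names carry only AEAD and hash
    if not suite.startswith(("TLS_ECDHE_", "TLS_DHE_")):
        return "no-forward-secrecy"
    if "_GCM_" in suite or "_CCM" in suite or "CHACHA20" in suite:
        return "tls1.2-aead"
    return "tls1.2-cbc" if "_CBC_" in suite else "other"

def audit_ciphersuites(xml_text):
    """Return (server_order_enforced, [(suite, bucket), ...]) in file order."""
    root = ET.fromstring(xml_text)
    ordered = (root.findtext("useCipherSuitesOrder") or "").strip().lower() == "true"
    names = [(c.text or "").strip() for c in root.iter("cipher")]
    return ordered, [(n, classify(n)) for n in names]

def disabled_algorithms(props_text):
    """Entries of jdk.tls.disabledAlgorithms, joining backslash-continued lines."""
    m = re.search(r"^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=((?:.*\\\r?\n)*.*)$",
                  props_text, re.M)
    value = re.sub(r"\\\r?\n[ \t]*", "", m.group(1)) if m else ""
    return [e.strip() for e in value.split(",") if e.strip()]

def still_enabled(props_text):
    """Protocols from REQUIRED_DISABLED that the property does not list."""
    return sorted(REQUIRED_DISABLED - set(disabled_algorithms(props_text)))

if __name__ == "__main__":
    print(audit_ciphersuites(CIPHERSUITES_XML))
    print("not disabled:", still_enabled(JAVA_SECURITY))
```

Run against the real files, any suite reported as `tls1.2-cbc` or `no-forward-secrecy` and any protocol returned by `still_enabled` is a candidate for review when the list is checked for updates.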
VISULOX GATEWAY - Apache virtual server for control channel
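Adding SSL configuration for the VISULOX control channel in visulox.conf. As listed, SSLProtocol excludes only SSLv2 and SSLv3, so TLSv1 and TLSv1.1 are not disabled by this directive: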
SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite +SHA512:+SHA384:+SHA256:AES256+EECDH:AES128+EECDH:ECDHE-RSA-DES-CBC3-SHA:AES128-SHA
SSLCertificateFile /opt/SUNWsgdg/var/cert/cert.pem
SSLCertificateKeyFile /opt/SUNWsgdg/var/cert/key.pem
SSLCertificateChainfile /opt/SUNWsgdg/var/cert/rapidssl-chain.pem
Tarantella Apache
Setting the HTTP Strict Transport Security (HSTS) header on the VISULOX Access Node:

/opt/tarantella/webserver/apache/<version>/conf/httpd.conf
<VirtualHost *:443>
...
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
...
</VirtualHost>