How to disable weak ciphers in View 3.1
A colleague of mine had a requirement from his security-department to disable the ability to use “weak ciphers” to connect to the security server.
(Ciphers that are using SSL2 and below 128-bits are sometimes considered as “Weak ciphers”)
This is not a huge security issue but can show up as a problem in some security-scanning tools. (For example Nessus)
To disable the weak ciphers:
1) Edit/create the c:\Program Files\VMware\VMware VDM\Server\sslgateway\conf\locked.properties file.
2) Add the following lines (or the ciphers you want to be accepted):
enabledCipherSuite.0=SSL_RSA_WITH_RC4_128_MD5
enabledCipherSuite.1=SSL_RSA_WITH_RC4_128_SHA
enabledCipherSuite.2=TLS_RSA_WITH_AES_128_CBC_SHA
enabledCipherSuite.3=TLS_DHE_RSA_WITH_AES_128_CBC_SHA
enabledCipherSuite.4=TLS_DHE_DSS_WITH_AES_128_CBC_SHA
enabledCipherSuite.5=SSL_RSA_WITH_3DES_EDE_CBC_SHA
enabledCipherSuite.6=SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
enabledCipherSuite.7=SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
3) Restart the View Connection/Security Service.
This will configure only the listed suites as acceptable.
Be aware that this can cause some older browsers not being able to use the web portal. (IE 5.5 for example)
Similar Posts:
