Subscribe RSS Feed | Follow on Twitter

How to disable weak ciphers in View 3.1

without comments

A colleague of mine had a requirement from his security-department to disable the ability to use “weak ciphers” to connect to the security server.

(Ciphers that are using SSL2 and below 128-bits are sometimes considered as “Weak ciphers”)

This is not a huge security issue but can show up as a problem in some security-scanning tools. (For example Nessus)

To disable the weak ciphers:

1) Edit/create the c:\Program Files\VMware\VMware VDM\Server\sslgateway\conf\locked.properties file.

2) Add the following lines (or the ciphers you want to be accepted):

enabledCipherSuite.0=SSL_RSA_WITH_RC4_128_MD5
enabledCipherSuite.1=SSL_RSA_WITH_RC4_128_SHA
enabledCipherSuite.2=TLS_RSA_WITH_AES_128_CBC_SHA
enabledCipherSuite.3=TLS_DHE_RSA_WITH_AES_128_CBC_SHA
enabledCipherSuite.4=TLS_DHE_DSS_WITH_AES_128_CBC_SHA
enabledCipherSuite.5=SSL_RSA_WITH_3DES_EDE_CBC_SHA
enabledCipherSuite.6=SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
enabledCipherSuite.7=SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

3) Restart the View Connection/Security Service.

This will configure only the listed suites as acceptable.

Be aware that this can cause some older browsers not being able to use the web portal. (IE 5.5 for example)

Similar Posts:

Written by Joel Lindberg

August 28th, 2009 at 2:40 pm

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close