Summary
You can disable or enable SSL ciphers by following these instructions for Moka5 servers 3.8 and above.
Applies To
- Moka5 Management Servers 3.8 and later
Instructions
You can modify the list of SSL ciphers your Management Server uses by changing information in the server's properties files.
Modify the cipher list by editing the "connector.ciphers" property in the appropriate connector properties file.
The connector properties file is in the "conf" directory inside the Moka5 server installation directory.
If you are using default installation settings, the connector properties file will be named "connector-mgmt.properties".
The value of connector.ciphers is a comma-separated list of the encryption ciphers that this socket is allowed to use.
The ciphers are specified using the JSSE cipher naming convention.
The special value of ALL will enable all supported ciphers.
Note: Using the ALL value includes many ciphers that are not secure. ALL is intended for testing purposes only.
Examples
There is a connector properties file for each port opened by the server.
A typical connector properties file looks similar to this:
connector.maxThreads=500
connector.port=443
connector.sslEnabled=true
connector.ciphers=TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
connector.keyAlias=selfsigned_mgmt
For example, if you want to suppress the RC4 cipher, edit the connector properties file and remove the ciphers "SSL_RSA_WITH_RC4_128_MD5" and "SSL_RSA_WITH_RC4_128_SHA" from the comma-separated property value:
connector.maxThreads=500
connector.port=443
connector.sslEnabled=true
connector.ciphers=TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
connector.keyAlias=selfsigned_mgmt
After modifying and saving the connector properties, restart the Moka5 Management Server to apply the updated settings.
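One way to script the RC4 edit shown above, as an added example (not part of the original article and not a Moka5 tool): it rewrites the connector.ciphers line of a connector properties file, drops suites whose JSSE name contains a given marker, and refuses the ALL value or an empty result. The function name and the shortened sample file are constructed for illustration.

```python
# Added example: suppress cipher suites in a connector properties file.
# SAMPLE is a constructed, shortened file; suppress() is a hypothetical helper.
SAMPLE = """\
connector.maxThreads=500
connector.port=443
connector.sslEnabled=true
connector.ciphers=TLS_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
connector.keyAlias=selfsigned_mgmt
"""

KEY = "connector.ciphers"


def suppress(text, markers=("RC4",)):
    """Return (new_text, removed) with suites containing a marker dropped.

    A marker matches as '_<marker>_' inside the JSSE name, so 'RC4' hits
    SSL_RSA_WITH_RC4_128_SHA. Every other line is passed through unchanged.
    """
    out, removed, seen = [], [], False
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == KEY:
            seen = True
            # Tolerate stray spaces and empty items in the comma-separated list.
            suites = [s.strip() for s in value.split(",") if s.strip()]
            if "ALL" in suites:
                # ALL enables every supported cipher; nothing to filter by name.
                raise ValueError("connector.ciphers=ALL: list suites explicitly")
            keep = [s for s in suites
                    if not any(f"_{m}_" in s for m in markers)]
            removed = [s for s in suites if s not in keep]
            if not keep:
                raise ValueError("refusing to write an empty cipher list")
            line = f"{KEY}={','.join(keep)}"
        out.append(line)
    if not seen:
        raise ValueError(f"{KEY} not found")
    return "\n".join(out) + "\n", removed


if __name__ == "__main__":
    new_text, removed = suppress(SAMPLE)
    print("removed:", removed)
    print(new_text, end="")
```

Write the returned text back to the connector properties file only after reviewing the removed list, then restart the server as described above.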
Other information
- View a full list of available algorithm names from the Java security cryptography providers docs here.
- Verify the ciphers in use on a running Moka5 Management Server by using an OpenSSL command or by just entering your public domain name here.