CaféX Critical Issue Bulletin 004 - CaféX Trials 2.1.6 failing to start on OS X El Capitan

Introduction

We have seen scenarios where CaféX trials environment (Version 2.1.6) fails to start on OS X El Capitan.

Root Cause

Trials 2.1.6 uses some of the older Diffie-Helman cipher suites which are deemed in-secure.

 

Affected Users

All users of CaféX Trials using the latest OS X operating system currently codenamed El Capitan.

 

Solution

Remove the older cipher suites:

1. Stop Trials

/Users/<user>/cafex-trials/stop-all.sh

2. Make a back up of your fas.properties file

cd /Users/<User>/cafex-trials/FAS/domain/configuration
cp fas.properties fas.bak-<date>

3. Edit fas.properties and remove the weak encryption ciphers

vi fas.properties and make the following changes to the jsse cipher suites:
Before:

jsse.cipher.suites=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA

After:

jsse.cipher.suites=SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA

4. Start Trials

/Users/<user>/cafex-trials/start-all.sh

 

If you continue to experience issues after following these steps, please contact your CaféX representative or email us at support@cafex.com.

 

Have more questions? Submit a request

Comments

Powered by Zendesk