Enable GCM Ciphers

GCM ciphers should be enabled especially because of their efficiency. Major websites, notably those under Google, use them. The following two ciphers are supported by all major browsers:

- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

 

Note that GCM ciphers are supported only on JDK-8 at the time of writing.

 

Follow these steps to enable them:

1. open FAS configuration file at <FAS>/domain/configuration/fas.properties

2. find the following lines

    'openssl.cipher.suites='

3. append to the end the ciphers so that it reads

 

openssl.cipher.suites=SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

 

Restart FAS, go to the CSDK sample page or your webapp and verify your browser is now using one of them.

 

 

 

Comments are disabled on these articles if you require help contact support@cafex.com.

Have more questions? Submit a request

Comments

Powered by Zendesk