enable GCM ciphers

[edit on 18may2017 to add the new property for HTTPS]

 

GCM ciphers should be enabled especialy because of their efficiency. Major websites, notably those under Google, use them. The following two ciphers are supported by all major browsers:

- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

 

Note that GCM ciphers are supported only on JDK-8 at the time of writing.

 

Follow these steps to enable them:

1. open FAS configuration file at <FAS>/domain/configuration/fas.properties

2. find the following lines

    'openssl.cipher.suites='

3. append to the end the ciphers so that it reads

 

openssl.cipher.suites=SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

 

Restart FAS, go to the CSDK sample page or your webapp and verify your browser is now using one of them.

 

 

 

Comments are disabled on these articles if you require help contact support@cafex.com.

Have more questions? Submit a request

Comments

Powered by Zendesk