Customizing SSL/TLS cipher suites to use for outbound LDAPS connectivity

Document ID : KB000057614
Last Modified Date : 14/02/2018

Solution

Background

Many functions of the Layer 7 Gateway can specify the SSL/TLS cipher suites or SSL/TLS versions used for outbound connections. LDAP queries originating from the Gateway, whether via the Authenticate assertions or via the Perform LDAP Query assertion, cannot. Controlling the cipher suites used for an outbound SSL/TLS connection to an LDAPS-enabled directory requires configuration changes on the Gateway appliance.

Implementation

  1. Log into the Gateway appliance as the ssgconfig user.
  2. Select Option #3: Use a privileged shell (root)
  3. Add the following line to /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties:
     java.naming.ldap.ssl.ciphers=RC4-SHA
  4. Save the file and exit.
  5. Restart the Gateway appliance.
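
Steps 3 and 4 can be scripted from the privileged shell so the property ends up in the file exactly once and the previous file is kept. The script below is an added example, not vendor code; it also warns when the value names a cipher family such as RC4, which RFC 7465 prohibits in TLS. The function names, the .bak suffix, the weak-family pattern list and the availability of mktemp on the appliance are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Sets the LDAPS cipher property from step 3
# exactly once in a Java-style properties file, keeping a backup copy.
KEY='java.naming.ldap.ssl.ciphers'   # property name taken from the article

# Return 0 if the value names a cipher family that is broken or deprecated
# for TLS. The pattern list is this example's assumption, not a vendor list.
has_weak_cipher() {
    printf '%s\n' "$1" | grep -Eiq 'RC4|NULL|EXP|DES|MD5|anon'
}

# set_ldaps_ciphers FILE VALUE
set_ldaps_ciphers() {
    file=$1
    value=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1          # backup (suffix is arbitrary)
    tmp=$(mktemp) || return 1
    # Match existing definitions of KEY; dots are escaped to match literally.
    pattern="^[[:space:]]*$(printf '%s' "$KEY" | sed 's/\./\\./g')[[:space:]]*[=:]"
    # grep exits 1 when every line was filtered out; only exit 2 is an error.
    grep -Ev "$pattern" "$file.bak" > "$tmp" || [ $? -eq 1 ] || return 1
    printf '%s=%s\n' "$KEY" "$value" >> "$tmp"
    cat "$tmp" > "$file"                           # keeps owner and mode of FILE
    rm -f "$tmp"
    if has_weak_cipher "$value"; then
        echo "warning: '$value' includes a weak cipher family" >&2
    fi
}

# Usage: sh set-ldaps-ciphers.sh FILE VALUE   (script name is hypothetical)
if [ $# -eq 2 ]; then
    set_ldaps_ciphers "$1" "$2"
fi
```

Restart the Gateway appliance afterwards, as in step 5, for the change to take effect.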