How to change ciphers in CA Release Automation

Document ID : KB000110917
Last Modified Date : 13/08/2018
Show Technical Document Details
Introduction:
The PCI Scan came back with Below for the secure Management Server(ROC) 

List of medium strength SSL ciphers supported by the remote server : Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES) EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
Background:
As per security consideration there is a need to change the ciphers to high security standards. This document list down the steps on how it can be configured.
Environment:
CA Release Automation: 6.2 and higher
Instructions:
You can include below list of ciphers and SSL protocol in server.xml and the product will start using appropriate ciphers.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                          compression="on"
                          compressionMinSize="102400"
                          compressableMimeType="application/x-java-serialized-object"
                          SSLEnabled="true"
                          maxThreads="150"
                          scheme="https"
                          secure="true"
                          clientAuth="false"
                          sslEnabledProtocols="TLSv1.2"
                          keyAlias="nolioserver"
                          keystoreFile="conf/nolio.jks"
                          keystorePass="********************"
                          maxSwallowSize="-1"
                          server="Unknown"
                         ciphers="TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
                        TLS_RSA_WITH_AES_128_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384">
    </Connector>