is there any way to disable SSLv3 within the application web server?

Document ID : KB000013985
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

How to disable SSLv3 within the EEM application web server

Environment:
EEM 12.51
Answer:

Steps to disable sslv3 from Directory server, EEM server and iTechnology :

 

Directory server 

==========

uncomment the line for tls from the file 

C:\Program Files (x86)\CA\Directory\dxserver\config\ssld\default.dxc as mentioned in the link http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/response-to-the-openssl-poodle-vulnerability.aspx 

For CA Directory, SSLv3 is supported and is defined by a configuration setting in the default.dxc file in the DXHOME\config\ssld folder (on Windows substitute DXHOME with %DXHOME% and $DXHOME on Linux/Unix). If you are pointing at a different ssld file than default.dxc, then update that file. 

In the "set ssl = {" command, ensure the protocol line is uncommented and is set to 'tls' to exclude SSLv3 as an accepted protocol. For example: 

protocol = tls 

Ensure that the DSA is either restarted or initialised for the changed config to take effect. 

The CA Directory 12.0 SP14 CR1 (available end of October 2014) and CA Directory 12.0 SP15 will have the SSL3 disabled OOTB in the default.dxc configuration. 

 

EEM Server and iTechnology 

=================

 

iTechnology 

In igateway.conf 

In <Connector name="defaultport"> tag, set the protocol to TLSV1 

<secureProtocol>TLSV1</secureProtocol>"