Configure SSL Cipher Suites

When using HTTPS, you may need to set the cipher suites used by Exalead CloudView to include a specific cipher suite or exclude a cipher suite that is too weak to use.

By default, the Java Virtual Machine provides the cipher suites that Exalead CloudView uses. For more information about available cipher suites, see the JSSE Provider documentation.

The default configuration enables a few modern ciphers only. If you encounter issues with a specific browser or if you need to modify these restrictions to comply with your security policies, edit the list in <DATADIR>/config/DeploymentInternal.xml.

Note: These restrictions were added to the Exalead CloudView default configuration in R2016xR1 and are not added automatically when migrating from a previous version.

This task shows you how to:

Include Cipher Suites

  1. Edit DeploymentInternal.xml in <DATADIR>/config.
  2. Add the following content below <CloudviewDeploymentInternalConfig...>:
    <CloudviewDeploymentInternalConfig...>  
    <ServerCiphers>   
    <Include name="cipher_to_include"/>
    <Include name="cipher_to_include"/>
    </ServerCiphers>
  3. Specify the ciphers to include in <Include name="..."/>.
  4. Restart Exalead CloudView.

Exclude Cipher Suites

  1. Edit DeploymentInternal.xml in <DATADIR>/config.
  2. Add the following content below <CloudviewDeploymentInternalConfig...>:
    <CloudviewDeploymentInternalConfig...>
    <ServerCiphers>
      <Exclude name="cipher_to_exclude"/> 
      <Exclude name="cipher_to_exclude"/>
    </ServerCiphers>
  3. Specify the ciphers to exclude in <Exclude name="..."/>.
  4. Restart Exalead CloudView.