The Gateway supports a wide range of cipher suites for SSL connections. See the Oracle Secure Global Desktop Platform Support and Release Notes for Release 4.7 for a list of supported cipher suites.
During installation, the Gateway is configured to use a set of ciphers consisting of only high grade ciphers. This means that SSL connections to the Gateway always use enhanced security. If required, you can configure the Gateway to use a different set of ciphers.
Stop the Gateway.
# /opt/SUNWsgdg/bin/gateway stop
Configure the required ciphers.
In the /opt/SUNWsgdg/etc directory, edit the ciphersuites.xml file.
By default, the ciphersuites.xml file contains the following entries for high grade ciphers.
<ciphersuites>
  <cipher>SSL_RSA_WITH_RC4_128_MD5</cipher>
  <cipher>SSL_RSA_WITH_RC4_128_SHA</cipher>
  <cipher>TLS_RSA_WITH_AES_128_CBC_SHA</cipher>
  <cipher>TLS_RSA_WITH_AES_256_CBC_SHA</cipher>
  <cipher>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</cipher>
  <cipher>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</cipher>
  <cipher>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</cipher>
  <cipher>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipher>
  <cipher>SSL_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
  <cipher>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
  <cipher>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</cipher>
</ciphersuites>
Check that the following entry is present in the /opt/SUNWsgdg/etc/gateway.xml file, so that it includes ciphersuites.xml.
<service id="sgd-ssl-service" class="SSL">
  ...
  <keystore file="/opt/SUNWsgdg/proxy/etc/keystore.client" password="/opt/SUNWsgdg/etc/password"/>
  <xi:include href="ciphersuites.xml" parse="xml"/>
</service>
...
<service id="http-ssl-service" class="SSL">
  ...
  <keystore file="/opt/SUNWsgdg/proxy/etc/keystore.client" password="/opt/SUNWsgdg/etc/password"/>
  <xi:include href="ciphersuites.xml" parse="xml"/>
</service>
Restart the Gateway.
# /opt/SUNWsgdg/bin/gateway start
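The following check is an added example, not part of the Oracle documentation or the Gateway software. Before restarting, it flags ciphersuites.xml entries built on RC4, 3DES or MD5 (a reviewer's weak-list chosen for this example) and reports any class="SSL" service in gateway.xml that lacks the xi:include. The sample gateway.xml, its root element name and its XInclude namespace declaration are constructed assumptions.

```python
import xml.etree.ElementTree as ET

XI_INCLUDE = "{http://www.w3.org/2001/XInclude}include"
WEAK_MARKERS = ("_RC4_", "_3DES_", "_MD5")  # assumption: this example's weak-list

# Constructed sample: a subset of the default ciphersuites.xml shown above.
SAMPLE_CIPHERSUITES = """<ciphersuites>
  <cipher>SSL_RSA_WITH_RC4_128_MD5</cipher>
  <cipher>TLS_RSA_WITH_AES_256_CBC_SHA</cipher>
  <cipher>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</cipher>
  <cipher>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</cipher>
</ciphersuites>"""

# Constructed sample: minimal gateway.xml. The root element name is invented,
# and the second service deliberately lacks the include for the demonstration.
SAMPLE_GATEWAY = """<gateway xmlns:xi="http://www.w3.org/2001/XInclude">
  <service id="sgd-ssl-service" class="SSL">
    <xi:include href="ciphersuites.xml" parse="xml"/>
  </service>
  <service id="http-ssl-service" class="SSL"/>
</gateway>"""


def weak_ciphers(ciphersuites_xml):
    """Return the <cipher> entries that use RC4, 3DES or MD5."""
    root = ET.fromstring(ciphersuites_xml)
    names = [(c.text or "").strip() for c in root.iter("cipher")]
    return [n for n in names if any(m in n for m in WEAK_MARKERS)]


def services_missing_include(gateway_xml, href="ciphersuites.xml"):
    """Return ids of class="SSL" services with no xi:include of href."""
    root = ET.fromstring(gateway_xml)
    missing = []
    for svc in root.iter("service"):
        if svc.get("class") != "SSL":
            continue
        hrefs = [inc.get("href") for inc in svc.iter(XI_INCLUDE)]
        if href not in hrefs:
            missing.append(svc.get("id"))
    return missing


if __name__ == "__main__":
    print("weak:", weak_ciphers(SAMPLE_CIPHERSUITES))
    print("missing include:", services_missing_include(SAMPLE_GATEWAY))
```

To audit a real installation, pass the contents of /opt/SUNWsgdg/etc/ciphersuites.xml and /opt/SUNWsgdg/etc/gateway.xml to the two functions instead of the samples.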