In Cloud Access Manager v8.0 the list of Cipher suites supported by the reverse proxy was changed. Existing deployments will not benefit from this change - even if they are upgraded to v8.0.
The change was made to remove some older and less secure members from the list.
To manually update the list of cipher suites supported by Cloud Access Manager there are 2 options:
RESOLUTION 1:
If you are upgrading to Cloud Access Manager 8.0 or higher anyway, then upgrade the system as normal and post-upgrade manually uninstall each proxy node from the system and reinstall directly to the new higher version. This will deploy the 8.0+ proxy server configuration including the cipher suite change.
RESOLUTION 2:
To update an existing environment of any version, follow these instructions on each proxy node in the deployment:
1 - Open C:\Program Files\Dell\Software\Cloud Access Manager Proxy\conf\server.xml
2 - On the Connector port="443" element replace the Ciphers value with:
ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
NOTE: If you have a requirement to support legacy users of Internet Explorer 8 on Windows XP (other OSs are not affected) then append the following value to the ciphers value above, however please be aware that this is an RC4 cipher suite so its encryption strength is now considered weak and it is not recommended for use with modern browsers: "SSL_RSA_WITH_RC4_128_SHA"
3 - Repeat for any other Connector ports required (e.g. 8443 if smart card authentication is enabled).
4 - Restart the proxy service
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center