Configuring secure transport protocol and cipher suites for HTTPS

Note

Before configuring cipher suites for BMC Atrium Orchestrator, review the information about Weak Diffie-Hellman and the Logjam Attack and ensure that you use strong cipher suites. Use of weak ciphers can cause security issues.

BMC Atrium Orchestrator includes cipher suites that you can use for SSL connections. You can use some of the installed configuration files to configure the secure transport protocol and supported cipher suites to comply with your organization's security policies. You can configure the port for secure transport protocol and cipher suites for the servers that will use HTTPS (such as CDP, HA-CDP, AP, and LAP HTTPS ports).

You should be familiar with HTTPS, SSL protocols, and cipher suites to complete these configurations.

BMC Atrium Orchestrator uses two communication channels:

  • The UI communication channel is defined in the installed Tomcat distribution. It is used for any UI communications, including by the installers.
  • The internal communication channel is defined in the installed Apache ActiveMQ/Jetty distribution. It is used for communication between components and peers.

You can configure these channels independently. If you configure the internal communication channel, you must use the same settings for all CDPs, HA-CDPs, APs, and LAPs in your BMC Atrium Orchestrator infrastructure.
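The following added example (not part of the BMC documentation or product) shows one way to check both requirements above before rollout: that no peer offers a Logjam-exposed suite, and that every peer on the internal channel carries the same suite set. The peer names come from this page; the suite lists are constructed samples, the weak-suite policy is an assumption, and collecting the setting from each peer's configuration file is not shown.

```python
import re

# Constructed sample: the internal-channel cipher-suite setting collected from
# each peer (values are illustrative, not BMC defaults).
SETTINGS = {
    "CDP": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "HA-CDP": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "AP": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "LAP": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
           "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

# Assumed policy: export-grade, anonymous, NULL and RC4 suites are never acceptable.
WEAK = re.compile(r"_(EXPORT|anon|NULL|RC4)_")
# Finite-field DHE is only as strong as the server's DH group (the Logjam issue),
# so it is flagged for a manual check of the group size rather than rejected.
DHE = re.compile(r"^(TLS|SSL)_DHE_")

def parse_suites(value):
    """Split a comma-separated suite setting into a list of suite names."""
    return [s.strip() for s in value.split(",") if s.strip()]

def audit_peer(suites):
    """Return (finding, suite) pairs for suites that are weak or need review."""
    findings = []
    for suite in suites:
        if WEAK.search(suite):
            findings.append(("weak", suite))
        elif DHE.match(suite):
            findings.append(("review-dh-group", suite))
    return findings

def find_drift(peers):
    """Compare every peer's suite set with the first peer's; report differences."""
    names = list(peers)
    reference = set(peers[names[0]])
    drift = {}
    for name in names[1:]:
        current = set(peers[name])
        if current != reference:
            drift[name] = {"missing": sorted(reference - current),
                           "extra": sorted(current - reference)}
    return drift

PEERS = {name: parse_suites(value) for name, value in SETTINGS.items()}

if __name__ == "__main__":
    for name, suites in PEERS.items():
        print(name, audit_peer(suites))
    print("drift vs CDP:", find_drift(PEERS))
```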

This section describes how to configure the secure transport protocol and supported cipher suites for these communication channels. It includes the following pages: