Disabling weak ciphers

SSL uses ciphers for encryption. Some supported ciphers are weaker than others. To resolve this issue, you can use the security.properties file to disable weak ciphers. The SEC_FILE parameter in the model9-stdenv.sh file points to this file by default.

Warning

BMC has specified the Java jdk.tls.disabledAlgorithms property, which overrides the system property only in BMC AMI Cloud. If you made changes to your installationDirectory/lib/security/java.security system properties file, make sure that the security.properties file is aligned with it.

Related topics

Updating-the-BMC-AMI-Cloud-agent-configuration-files

Upgrading-the-BMC-AMI-Cloud-agent

To disable a cipher

To disable ciphers other than those provided in security.properties, follow these steps:

  1. Copy the security.properties file into your own custom security file under the CONF directory.
  2. Modify your security file. The security.properties file specifies the value of the Java jdk.tls.disabledAlgorithms environmental property. For more information about the syntax of this property, see the installationDirectory/lib/security/java.security file.
  3. Specify the new file in the SEC_FILE parameter in model9-stdenv.sh

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*