Similar to the steps outlined in the Set the Security Protocol document for the Controller, you can also set the security protocol or update the existing security protocol used by the EUM Server. The document link above refers to changing these settings for the Controller. However, these can be applied when setting the JRE security protocol for the EUM Server. The location of the JRE installation and
java.security file for the EUM Server is the major difference to keep in mind when following the steps for the Controller. The process is still the same.
To enable encryption keys up to 256-bit in the EUM Server, download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files within the EUM Server's embedded Java runtime.
After restarting the EUM app server, the following cipher suites become available:
If you want to modify the cipher suites, you can use the following steps. Please note that the example below shows how you would disable the DES cipher.
US_export_policy.jar and local_policy.jar).
<java-home>\lib\securitydirectory with the unlimited strength versions extracted during Step 2.
<java-home>\lib\securitydirectory, make a copy of the
java.securityfile and add the line
jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, DES RSA keySize < 2048to the original file.
As always, when making a change that will affect the availability and security of a production environment, we recommend testing in a development/pre-prod environment first to ensure you get the results you expect. Once verified outside of production, you can then follow the same steps in the live production environment. Precautionary measures such as backing up the original file before modification are always a good idea.