Help
Not a customer? Start a free trial

Not a customer? Click the 'Start a free trial' link to begin a 30-day SaaS trial of our product and to join our community.

Existing Cisco AppDynamics customers should click the 'Sign In' button to authenticate to access the community

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How do I set the security protocol and update the cipher suites used by the EUM Server?

Michael.Perlstein
AppDynamics Team (Retired)

on ‎08-20-2018 09:07 AM

Similar to the steps outlined in the Set the Security Protocol document for the Controller, you can also set the security protocol or update the existing security protocol used by the EUM Server. The document link above refers to changing these settings for the Controller. However, these can be applied when setting the JRE security protocol for the EUM Server. The location of the JRE installation and java.security file for the EUM Server is the major difference to keep in mind when following the steps for the Controller. The process is still the same.

 

To enable encryption keys up to 256-bit in the EUM Server, download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files within the EUM Server's embedded Java runtime. 

 

  1. Download the Unlimited Strength Jurisdiction Policy Files from the following location:
    http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html 

  2. Stop the EUM app server.

  3. Install the policy files in the JRE installed under the EUM Server's "Installation Path".

  4. Start the EUM app server. 

 

After restarting the EUM app server, the following cipher suites become available:

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA

If you want to modify the cipher suites, you can use the following steps. Please note that the example below shows how you would disable the DES cipher.

 

  1. Download the Unlimited Strength Jurisdiction Policy Files from the following location:
    http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html.

  2. Extract the contents of the downloaded policy files.

  3. Stop the EUM app server.

  4. Make a copy of the original JCE policy files (US_export_policy.jar and local_policy.jar).

  5. Replace the strong policy files in EUM Server's <java-home>\lib\security directory with the unlimited strength versions extracted during Step 2.

  6. From the EUM Server's <java-home>\lib\security directory, make a copy of the java.security file and add the line jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, DES RSA keySize < 2048 to the original file.

  7. Save the changes.

  8. Start the EUM app server.


As always, when making a change that will affect the availability and security of a production environment, we recommend testing in a development/pre-prod environment first to ensure you get the results you expect. Once verified outside of production, you can then follow the same steps in the live production environment. Precautionary measures such as backing up the original file before modification are always a good idea. 

0 Kudos
Version history
Last update:
‎08-20-2018 09:07 AM
Updated by:
On-Demand Webinar
Discover new Splunk integrations and AI innovations for Cisco AppDynamics.

Register Now!
Observe and Explore
Dive into our Community Blog for the Latest Insights and Updates!

Read the blog here

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

By clicking subscribe, I have read and understood the Privacy Policy and Terms of Use.
Platform
Solutions
Learn

Company
Support