Click the Start a free trial link to start a 30-day SaaS trial of our product and join our community as a trial customer. If you are an existing customer do not start a free trial.
AppDynamics customers and established members should click the sign in button to authenticate.
on
06-30-2023
06:27 PM
- edited on
07-03-2023
10:23 AM
by
Claudia.Landiva
You may want to change the SSL/TLS configuration of the on-premises Controller to allow only strong key exchanges. This can be done by defining a minimum key size for Diffie Hellman Key Exchanges.
Here is the procedure:
<controller_home>/appserver/glassfish/domains/domain1/config/domain.xml
and make the following change: § <jvm-options>-javaagent:${com.sun.aas.instanceRoot}/appagent/javaagent.jar</jvm-options>
CHANGE TO -
§ <jvm-options>-Djdk.tls.ephemeralDHKeySize=prefered_key_size</jvm-options>
§ <jvm-options>-javaagent:${com.sun.aas.instanceRoot}/appagent/javaagent.jar</jvm-options>
EXAMPLE -
§ <jvm-options>-Djdk.tls.ephemeralDHKeySize=2048</jvm-options>
§ <jvm-options>-javaagent:${com.sun.aas.instanceRoot}/appagent/javaagent.jar</jvm-options>
<jre_used_by_the_controller>/lib/security/java.security
and make the following change: § jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
CHANGE TO -§ jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < prefered_key_size, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
EXAMPLE -§ jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 2048, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Restart the Controller Appserver for the change to take effect.
NOTE | This step involves Controller downtime.
Rediscover the Controller back to EC.
Thank you! Your submission has been received!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form