Support | Zephyr



How to disable SSLv3 on rtmps port in Zephyr Enterprise Edition

Created on

Problem

How to disable SSLv3 on rtmps port in Zephyr Enterprise Edition

Fix

In services-config.xml, the protocol stay as TLS that doesn't change, what you would need to do is limit the Ciphers allowed which wouldn't include any that are supported by sslv3. Some suggested ciphers to use are configured below

clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"

<keystore-type>JKS</keystore-type>
<keystore-file> </keystore-file>
<keystore-password> </keystore-password>
<alias> </alias>
<protocol>TLS</protocol>
<enabled-cipher-suites>
<cipher-suite>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA </cipher-suite>
<cipher-suite>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</cipher-suite>
<cipher-suite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA </cipher-suite>
<cipher-suite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</cipher-suite>
</enabled-cipher-suites>

 

Note : These assume JDK7 is used, If using any ciphers with 256 you would need to install the JCE Unlimited Crypto for the JDK 7 for you to work.

 

 


Knowledge Base Document Information:

---------------------------------------------------------------------------------------------------------------------------

Title: How to disable SSLv3 on rtmps port in Zephyr Enterprise Edition

Product: Zephyr Enterprise Edition

Version: All

Summary: Limiting the Ciphers allowed which wouldn't include any that are supported by sslv3

---------------------------------------------------------------------------------------------------------------


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Powered by Zendesk