This is an automated email from the ASF dual-hosted git repository. rohit pushed a commit to branch security-tls-config in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git
The following commit(s) were added to refs/heads/security-tls-config by this push: new bed67ed the tls ciphers bug was fixed, remove unnecessary doc bed67ed is described below commit bed67ed924ebacfea9b93a2f9254e64e7d67de18 Author: Rohit Yadav <ro...@apache.org> AuthorDate: Tue Feb 5 13:26:57 2019 +0530 the tls ciphers bug was fixed, remove unnecessary doc Signed-off-by: Rohit Yadav <ro...@apache.org> --- source/installguide/optional_installation.rst | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/source/installguide/optional_installation.rst b/source/installguide/optional_installation.rst index c512bb1..8e1617f 100644 --- a/source/installguide/optional_installation.rst +++ b/source/installguide/optional_installation.rst @@ -113,22 +113,6 @@ server.properties file at /etc/cloudstack/management/ location: For storing certificates, admins can create and configure a java keystore file and configure the same in the server.properties file as illustrated above. -Disable Vulnerable TLS Algorithms ---------------------------------- - -The default JRE installation used for the CloudStack management server can be -configured to disable vulnerable TLS algorithms such as TLSv1, TLSv1.1 etc. -To do this, you can define or override the jdk.tls.disabledAlgorithms setting -in the JRE's java.security file typically at -$JRE_HOME/lib/security/java.security: - - .. parsed-literal:: - - jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, TLSv1, TLSv1.1, DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4 - -After configuring above settings, restart the management server to disable TLS -versions for CloudStack management server ports 8250 (agent server) and 8443 -(Jetty/HTTPS server). Database Replication (Optional) -------------------------------