topsey, posted November 14, 2012:

Hi,

How do I disable SSLv2 and the weak and medium cipher suites on the plasticscm server? SSL works OK; however, after carrying out a security audit I have found that I would need to configure these options to protect the server. IIS is already correctly configured and so are the native cipher suites; however, plasticscm uses its own HTTP server, which would need to be separately configured.

Many thanks,
Ian.
manu, posted November 14, 2012:

Hello Topsey,

the Plastic SCM server by default is listening on two ports. If you want to disable the SSL one, you just need to edit the "remoting.conf" file that you will find in the Plastic SCM server installation path and remove the SSL channel. Something like:

    <channel type="Codice.Channels.PlasticSecuredTcpChannel, plastictcpchannel" port="8088" sslPfxFile="ssl-certificate.pfx" sslPfxFilePassword="|SoC|2ogBDa8GmifTjC7UKp4KuoF0/jWYlXy2" name="secured">
      <serverProviders>
        <formatter type="Codice.Channels.PlasticBinaryServerFormatterSinkProvider, plastictcpchannel" typeFilterLevel="Full" Compression="sinklevel" SerializationObjectsAtSink="true" BufferPoolMax="10"/>
        <provider type="Codice.CM.Server.ExceptionTracerSinkProvider, servercommon" />
      </serverProviders>
      <clientProviders>
        <provider type="Codice.Channels.ClientSinkProvider, plastictcpchannel" />
        <formatter ref="binary" />
      </clientProviders>
    </channel>

Save the file, restart the server service and the SSL connectivity will disappear.
topsey, posted November 14, 2012:

Hi,

No, I want the SSL. I do not want to use a non-secure service, which would be even worse, which is why I used a commercial certificate to secure the service. However, I need to make it thoroughly secure, which means disabling SSLv2 and weak and medium cipher suites. There is normally a configuration file for the web server where these settings can be applied. I can connect fine. I had to use the common name for the certificate, rather than one of the SAN names, as this causes authentication issues, but OK, that was fine; I just need to deal with the security issues. If you can, let me know how to configure your server.

Many thanks,
Ian.
manu, posted November 21, 2012:

Hi topsey,

sorry for the misunderstanding. Reviewing the server code, I found that all the connections, when you are using SSL, are done using the SSL3 protocol version, so SSL2 and TLS are not valid. This parameter is something you cannot define from the outside; it's hardcoded as the default security protocol in all the Plastic TCP connections.
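For an audit like the one in this thread, the protocol version and cipher suite a server actually picked can be read from the first record of its handshake reply. The following is an added example, not code from the thread or from Plastic SCM: it assumes the secured channel speaks standard SSL/TLS records, and the suite table, the `min_bits` threshold and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
# Standard suite IDs -> (name, approximate effective key bits); a small subset only.
SUITES = {
    0x0003: ("TLS_RSA_EXPORT_WITH_RC4_40_MD5", 40),
    0x0009: ("TLS_RSA_WITH_DES_CBC_SHA", 56),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", 128),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", 112),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", 128),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", 256),
}

def parse_reply(data):
    """Return (protocol, suite_id or None) for the first record a server sent back."""
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 4:
        return "SSLv2", None            # SSLv2 SERVER-HELLO (2-byte record header)
    if len(data) < 5:
        raise ValueError("truncated record")
    ctype, _, _, rlen = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + rlen]
    if ctype == 21 and len(body) >= 2:  # alert: the offered version/suites were refused
        raise ValueError("alert level=%d description=%d" % (body[0], body[1]))
    if ctype != 22 or len(body) < 39 or body[0] != 2:
        raise ValueError("not a ServerHello")
    # Handshake body: type(1) len(3) version(2) random(32) sid_len(1) sid suite(2)
    sid_len = body[38]
    if len(body) < 41 + sid_len:
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", body[39 + sid_len:41 + sid_len])[0]
    ver = (body[4], body[5])
    return VERSIONS.get(ver, "unknown %d.%d" % ver), suite

def audit(data, min_bits=128):
    """Return (protocol, suite_name, findings); min_bits is an assumed audit threshold."""
    proto, suite = parse_reply(data)
    if proto == "SSLv2":
        return proto, None, ["SSLv2 accepted"]
    # Suites missing from the table get 0 bits so they are flagged for manual review.
    name, bits = SUITES.get(suite, ("unknown 0x%04X" % suite, 0))
    findings = [] if bits >= min_bits else ["%s: %d-bit effective key" % (name, bits)]
    return proto, name, findings

def sample_server_hello(ver=(3, 0), suite=0x000A):
    """Constructed ServerHello record (zero random, empty session id) for offline use."""
    hello = bytes(ver) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    hs = b"\x02" + struct.pack("!I", len(hello))[1:] + hello
    return b"\x16" + bytes(ver) + struct.pack("!H", len(hs)) + hs
```

Feed `audit` the first bytes of the server's reply on the secured port (8088 in the configuration quoted above), for instance taken from a packet capture made during the audit.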
Archived
This topic is now archived and is closed to further replies.