Jump to content

Disable week ciphers on the plasticscm server


Recommended Posts


How do I disable SSLv2 and the weak and medium cipher suites on the plasticscm server.

SSL works ok however after carrying out a security audit I have found that I would need to configure these options to protect the server, IIS is already correctly configured and so are the native cipher suites however the plasticscm uses it own http server which would need to be separately configured.

May thanks,


Link to comment
Share on other sites

Hello Topsey,

the Plastic SCM server by default is listening in two ports, if you want to disable the SSL one you just need to edit the "remoting.conf" file that you will find in the Plastic SCM server installation path and remove the SSL channel.

Something like:

		    <channel type="Codice.Channels.PlasticSecuredTcpChannel, plastictcpchannel" port="8088" sslPfxFile="ssl-certificate.pfx" sslPfxFilePassword="|SoC|2ogBDa8GmifTjC7UKp4KuoF0/jWYlXy2" name="secured">
				    <formatter type="Codice.Channels.PlasticBinaryServerFormatterSinkProvider, plastictcpchannel" typeFilterLevel="Full" Compression="sinklevel" SerializationObjectsAtSink="true" BufferPoolMax="10"/>
				    <provider type="Codice.CM.Server.ExceptionTracerSinkProvider, servercommon" />
				    <provider type="Codice.Channels.ClientSinkProvider, plastictcpchannel" />
				    <formatter ref="binary" />

Save the file, restart the server service and the SSL connectivity will disappear.

Link to comment
Share on other sites


No I want the SSL, I do not want to use a non secure service which would be even worse, which is why I used a commercial certificate to secure the service, however I need to make it thoroughly secure which means disabling SSLv2 and weak and medium cipher suites, there is normally a configuration file for the web server where these settings can be applied.

I can connect fine, I had to use the common name for the certificate, rather than one of the SAN names as this causes authentication issues, but ok that was fine just need to deal with the security issues.

If you can let me know how to configure your server.

Many thanks,


Link to comment
Share on other sites

Hi topsey,

sorry for the misunderstanding.

Reviewing the server code I found that all the connections, when you are using SSL, are done using the SSL3 protocol version, so, SSL2 and TLS are not valid.

This parameter is something you cannot define from the outside, it's hardcoded as the default security protocol in all the Plastic TCP connections.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...