- Ambari 2.5.X, RHEL7
I'm attempting to disable the cipher: RSA_WITH_3DES_EDE_CBC_SHA
I have added it to the ambari.properties file as both:
(They are separated by the '|' symbol)
Although every time I run TestSSLServer2 on Ambari port..the ciphers show up. I have also added these ciphers to the servers java.security file with no luck.
Am I missing something?
In general to disable certain ciphers for Ambari UI, do the following:
1. Locate the strings for the ciphers you wish to disable in the following list: http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html2. Edit the ambari.properties file and add them as follows, separating the cipher strings with vertical pipes: security.server.disabled.ciphers=CIPHER1|CIPHER2 3. Restart Ambari server 4. Rescan and verify the results
Also, the ciphers TLS_RSA_WITH_3DES_EDE_CBC_SHA disabled with SSL_RSA_WITH_3DES_EDE_CBC_SHA breaks Ambari Metrics and Firefox access to the Ambari UI, so it is best not to disable "TLS_RSA_WITH_3DES_EDE_CBC_SHA".
The cipher I want to disable (RSA_WITH_3DES_EDE_CBC_SHA) falls under the TLSv1.2 cipher suite.
Is RSA_WITH_3DES_EDE_CBC_SHA and SSL_RSA_WITH_3DES_EDE_CBC_SHA the same cipher?
Seems like there are one and the same. Refer below link for list of ciphers: