Created on 09-04-2017 10:43 AM - edited 09-16-2022 05:11 AM
Hi guys,
- Ambari 2.5.X, RHEL7
I'm attempting to disable the cipher: RSA_WITH_3DES_EDE_CBC_SHA
I have added it to the ambari.properties file as both:
RSA_WITH_3DES_EDE_CBC_SHA
and
TLS_RSA_WITH_3DES_EDE_CBC_SHA
(They are separated by the '|' symbol)
Although every time I run TestSSLServer2 on Ambari port..the ciphers show up. I have also added these ciphers to the servers java.security file with no luck.
Am I missing something?
Created 09-07-2017 08:11 AM
In general to disable certain ciphers for Ambari UI, do the following:
1. Locate the strings for the ciphers you wish to disable in the following list:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
2. Edit the ambari.properties file and add them as follows, separating the cipher strings with vertical pipes:
security.server.disabled.ciphers=CIPHER1|CIPHER2
3. Restart Ambari server
4. Rescan and verify the results
Also, the ciphers TLS_RSA_WITH_3DES_EDE_CBC_SHA disabled with SSL_RSA_WITH_3DES_EDE_CBC_SHA breaks Ambari Metrics and Firefox access to the Ambari UI, so it is best not to disable "TLS_RSA_WITH_3DES_EDE_CBC_SHA".
Created 09-07-2017 09:49 AM
Hi @Sindhu,
The cipher I want to disable (RSA_WITH_3DES_EDE_CBC_SHA) falls under the TLSv1.2 cipher suite.
Is RSA_WITH_3DES_EDE_CBC_SHA and SSL_RSA_WITH_3DES_EDE_CBC_SHA the same cipher?
Created 09-07-2017 09:58 AM
Seems like there are one and the same. Refer below link for list of ciphers:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html