If the directory/file paths specified in this guide do not exist in your WSO2 product, see Directory Structure of WSO2 Products to locate the paths applicable to your product.
Administration Guide 4.4.x

Versions Compared

Old Version 42

changes.mady.by.user Dulanja Liyanage

Saved on

compared with

New Version Current

changes.mady.by.user Mariangela Hills

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated typo in "Enabling SSL protocols and ciphers in ThriftAuthenticationService" step1

...

  1. Add the following configurations in the <CARBON_SERVER>/repository/conf/identity/thrift-authentication.xml file as sub-elements of the root <Server> element.

    Code Block
    <SSLEnabledProtocols>TLSv1,TLSv1.1,TLSv1.2</SSLEnabledProtocolsSSLEnabledProtocols>
<Ciphers>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</Ciphers>
    Tip

    Tip: You can also add the following additional cipher suites to the <Ciphers> property if JCE Unlimited Strength Jurisdiction Policy is enabled in Java.

    Code Block
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WIT

    If you wish to remove TLSv1 or TLSv1.1, you can do so by removing them as values from the <SSLEnabledProtocols> property.

  2. Restart the server. 

...