Configure cipher suites used for backend trust in Spotfire 10.0 and higher

Article ID: KB0079142

Updated On:

Products Versions
Spotfire Server 10.0 and Higher

Description

The set of TLS protocols and cipher suites used for backend communication (between the Spotfire Server, the Node Manager and the various services handled by the Node Manager) was hard-coded in versions prior to 10.0. In Spotfire Server 10.0 those values are configurable. In addition, in Spotfire Server 10.1 the defaults for TLS protocols and cipher suites have changed.

Issue/Introduction

How to configure TLS protocols and cipher suites used for backend trust in Spotfire Server 10.0

Environment

All supported environments

Resolution

To configure the cipher suites used for backend communication, modify the configuration.xml file. See the documentation page for more information on editing the configuration file. Locate the section enclosed in <trust> tags and add the enabled TLS protocols and cipher suites.

Example of how the <trust> section looks after configuring the TLS protocols and cipher suites used for backend trust:
<trust>
      <registration-connector>
        <attributes />
      </registration-connector>
      <backend-connector>
        <attributes />
      </backend-connector>
      <enabled-tls-protocols>
        <enabled-tls-protocol>TLSv1.2</enabled-tls-protocol>
        <enabled-tls-protocol>TLSv1.1</enabled-tls-protocol>
        <enabled-tls-protocol>TLSv1</enabled-tls-protocol>
      </enabled-tls-protocols>
      <enabled-tls-cipher-suites>
        <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</enabled-tls-cipher-suite>
        <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</enabled-tls-cipher-suite>
        <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</enabled-tls-cipher-suite>
        <enabled-tls-cipher-suite>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</enabled-tls-cipher-suite>
        <enabled-tls-cipher-suite>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</enabled-tls-cipher-suite>
      </enabled-tls-cipher-suites>
</trust>

Upload the edited configuration file back to the Spotfire database and restart the Spotfire Server. Disable undesired default cipher suites on the Node Manager machine.
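
A review step that can be run on the edited file before uploading it, as an added example (not part of the original article or of Spotfire itself): it parses the <trust> section and lists protocol versions deprecated by RFC 8996 and RFC 7568, and cipher suites that are not AEAD. The function name audit_trust, the wrapping <configuration> root and the sample input are assumptions constructed for illustration; the element names are the ones shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: part of the <trust> section from the article, wrapped in a
# hypothetical root element (a real configuration.xml contains much more).
SAMPLE = """<configuration>
  <trust>
    <enabled-tls-protocols>
      <enabled-tls-protocol>TLSv1.2</enabled-tls-protocol>
      <enabled-tls-protocol>TLSv1.1</enabled-tls-protocol>
      <enabled-tls-protocol>TLSv1</enabled-tls-protocol>
    </enabled-tls-protocols>
    <enabled-tls-cipher-suites>
      <enabled-tls-cipher-suite>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</enabled-tls-cipher-suite>
      <enabled-tls-cipher-suite>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</enabled-tls-cipher-suite>
    </enabled-tls-cipher-suites>
  </trust>
</configuration>"""

# Protocol versions deprecated by RFC 8996 (TLS 1.0/1.1) and RFC 7568 (SSLv3).
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def audit_trust(xml_text):
    """Return (protocols, suites, findings) for the <trust> section."""
    root = ET.fromstring(xml_text)
    trust = root if root.tag == "trust" else root.find(".//trust")
    if trust is None:
        raise ValueError("no <trust> section found")
    protocols = [e.text.strip() for e in trust.iter("enabled-tls-protocol") if e.text]
    suites = [e.text.strip() for e in trust.iter("enabled-tls-cipher-suite") if e.text]
    findings = []
    if not protocols:
        findings.append("no enabled-tls-protocol entries configured")
    if not suites:
        findings.append("no enabled-tls-cipher-suite entries configured")
    for p in protocols:
        if p in DEPRECATED_PROTOCOLS:
            findings.append(f"deprecated protocol enabled: {p}")
    for s in suites:
        # AEAD suites in this naming scheme carry GCM, CCM or CHACHA20 in the name.
        if not any(tag in s for tag in ("_GCM_", "_CCM", "CHACHA20")):
            findings.append(f"non-AEAD cipher suite enabled: {s}")
    return protocols, suites, findings


if __name__ == "__main__":
    for line in audit_trust(SAMPLE)[2]:
        print(line)
```

An empty findings list means every configured protocol is TLSv1.2 or later and every configured suite is AEAD; whether older entries must stay enabled for existing Node Managers is a deployment decision the script does not make.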

Additional Information

Manually editing the server configuration in an XML or text editor

Article about cipher suites in version 7.14 and lower