How to Include/Exclude TLS Ciphers for TEA Server

How to Include/Exclude TLS Ciphers for TEA Server

book

Article ID: KB0078727

calendar_today

Updated On:

Products Versions
TIBCO Enterprise Administrator (TEA) 2.3.0 hotfix 05

Description

TEA server to support the TLS setting exposed by JETTY server.

Below are the Ciphersuites properties for Including/Excluding Strong/Weak Ciphers.

tea.server.IncludeCipherSuites
tea.server.ExcludeCipherSuites

Issue/Introduction

TEA 2.3.0 hotfix 05 allows TEA server to Include Strong TLS Ciphers and exclude Week Ciphers.

Environment

Product:TIBCO Enterprise Administrator(TEA) , TIBCO Enterprise Administrator(TEA) -SDK. Version:2.3.0 Hotfix:05 OS:ALL

Resolution

Steps to implement:

1) Install TEA 2.3.0 hotfix 05
2) Edit the tea.conf file under $tea-home/cfgmgmt/tea/conf directory.
3) Add the below property to include TLSv 1.2 strong ciphers.

tea.server.includeCipherSuites="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"

4) To exclude Weak Ciphers Add the below property

  tea.server.ExcludeCipherSuites="^.*_(MD5|SHA|SHA1)$"

5) Restart the TEA Server.

PS:  Above provided cipher property values are for reference, can be modified as per requirement.

 
 

Additional Information


Please refer to TLS settings at 
http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites