C.6. Configuring Ciphers for the SGD Gateway

The Gateway supports a wide range of cipher suites for SSL connections. See the Oracle Secure Global Desktop Platform Support and Release Notes for Release 4.7 for a list of supported cipher suites.

During installation, the Gateway is configured to use only high grade ciphers. This means that SSL connections to the Gateway always use enhanced security. If required, you can configure the Gateway to use a different set of ciphers.

C.6.1. How to Configure Ciphers for the Gateway

  1. Stop the Gateway.

    # /opt/SUNWsgdg/bin/gateway stop

  2. Configure the required ciphers.

    In the /opt/SUNWsgdg/etc directory, edit the ciphersuites.xml file.

    By default, the ciphersuites.xml file contains the following entries for high grade ciphers.

    <ciphersuites>
     <cipher>SSL_RSA_WITH_RC4_128_MD5</cipher>
     <cipher>SSL_RSA_WITH_RC4_128_SHA</cipher>
     <cipher>TLS_RSA_WITH_AES_128_CBC_SHA</cipher>
     <cipher>TLS_RSA_WITH_AES_256_CBC_SHA</cipher>
     <cipher>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</cipher>
     <cipher>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</cipher>
     <cipher>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</cipher>
     <cipher>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipher>
     <cipher>SSL_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
     <cipher>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
     <cipher>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</cipher>
    </ciphersuites>

  3. Check that the following entry is present in the /opt/SUNWsgdg/etc/gateway.xml file, so that it includes ciphersuites.xml.

    <service id="sgd-ssl-service" class="SSL">
      ...
      <keystore file="/opt/SUNWsgdg/proxy/etc/keystore.client"
       password="/opt/SUNWsgdg/etc/password"/>
      <xi:include href="ciphersuites.xml" parse="xml"/>
    </service>
    ...
    <service id="http-ssl-service" class="SSL">
      ...
      <keystore file="/opt/SUNWsgdg/proxy/etc/keystore.client"
       password="/opt/SUNWsgdg/etc/password"/>
      <xi:include href="ciphersuites.xml" parse="xml"/>
    </service>

  4. Restart the Gateway.

    # /opt/SUNWsgdg/bin/gateway start
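
Before restarting, the edited files can be checked offline. The following is an added example, not Oracle's code: it flags entries in ciphersuites.xml that use algorithms since deprecated for TLS (RC4 is prohibited by RFC 7465) and reports SSL services in gateway.xml that lack the include from step 3. The list of weak name fragments is an assumed policy, and the `<gateway>` root element in the sample is hypothetical.

```python
import xml.etree.ElementTree as ET

XI_INCLUDE = "{http://www.w3.org/2001/XInclude}include"
# Assumed policy (not from the SGD documentation): suite-name fragments
# for algorithms since deprecated for TLS, e.g. RC4, 3DES/DES, MD5 MACs.
WEAK = ("_RC4_", "_3DES_", "_DES_", "_MD5", "_NULL_", "_EXPORT_", "_anon_")

# Default ciphersuites.xml as listed on this page.
DEFAULT_SUITES = """<ciphersuites>
 <cipher>SSL_RSA_WITH_RC4_128_MD5</cipher>
 <cipher>SSL_RSA_WITH_RC4_128_SHA</cipher>
 <cipher>TLS_RSA_WITH_AES_128_CBC_SHA</cipher>
 <cipher>TLS_RSA_WITH_AES_256_CBC_SHA</cipher>
 <cipher>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</cipher>
 <cipher>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</cipher>
 <cipher>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</cipher>
 <cipher>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipher>
 <cipher>SSL_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
 <cipher>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
 <cipher>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</cipher>
</ciphersuites>"""

# Constructed gateway.xml fragment; the <gateway> root is hypothetical and
# the second service deliberately lacks the include.
SAMPLE_GATEWAY = """<gateway xmlns:xi="http://www.w3.org/2001/XInclude">
 <service id="sgd-ssl-service" class="SSL">
  <xi:include href="ciphersuites.xml" parse="xml"/>
 </service>
 <service id="http-ssl-service" class="SSL"/>
</gateway>"""

def weak_ciphers(xml_text):
    """Map each listed suite to the weak algorithm fragments in its name."""
    found = {}
    for el in ET.fromstring(xml_text).iter("cipher"):
        name = (el.text or "").strip()
        hits = [w.strip("_") for w in WEAK if w in name]
        if hits:
            found[name] = hits
    return found

def services_missing_include(xml_text, href="ciphersuites.xml"):
    """Return ids of class="SSL" services with no xi:include of href."""
    return [s.get("id") for s in ET.fromstring(xml_text).iter("service")
            if s.get("class") == "SSL"
            and href not in [i.get("href") for i in s.iter(XI_INCLUDE)]]

if __name__ == "__main__":
    print(weak_ciphers(DEFAULT_SUITES))
    print(services_missing_include(SAMPLE_GATEWAY))
```

To check a live installation, pass the contents of the files under /opt/SUNWsgdg/etc to the two functions in place of the embedded samples.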