Disabling Transport Layer Security (TLS) in Graph Server

D Disabling Transport Layer Security (TLS) in Graph Server

For demonstration or evaluation purposes, it is possible to turn off transport layer security (TLS) of the graph server.

Caution:

This is not recommended for production. In a secure configuration, the server must always have TLS enabled.

The following instructions only apply if you installed the graph server via the RPM package.

Note:

If you deployed the graph server into your own web server (e.g Weblogic or Apache Tomcat), please refer to the manual of your web server for TLS configuration.

Edit /etc/oracle/graph/server.conf to change enable_tls to false.
Edit the WEB-INF/web.xml file inside the WAR file in /opt/oracle/graph/graphviz and configure cookies to be sent over non-secure connections by setting <secure>false</secure> as follows:
```
<session-config>
		<tracking-mode>COOKIE</tracking-mode>
		<cookie-config>
			<secure>false</secure>
		</cookie-config>
		...
</session-config>
```

Additionally, replace `https` with `http` in the `pgx.base_url` property in the same WEB-INF/web.xml file. For example:

<context-param>
	<param-name>pgx.base_url</param-name>
	<param-value>http://localhost:7007</param-value>
</context-param>

Restart the server.
```
sudo systemctl restart pgx
```

The graph server now accepts connections over HTTP instead of HTTPS.

On Oracle Linux 7, you can execute the following script to perform the preceding four steps all at once:

echo "$(jq '.enable_tls = false' /etc/oracle/graph/server.conf)" > /etc/oracle/graph/server.conf
WAR=$(find /opt/oracle/graph/graphviz -name '*.war')
TMP=$(mktemp -d)
cd $TMP
unzip $WAR WEB-INF/web.xml
sed -i 's|<secure>true</secure>|<secure>false</secure>|' WEB-INF/web.xml
sed -i 's|https://|http://|' WEB-INF/web.xml
sudo zip $WAR WEB-INF/web.xml
rm -r $TMP
sudo systemctl restart pgx

Parent topic: Supplementary Information for Property Graph Support