Configuring The Web Access Server For Ssl Communications With The Enterprise; Server - Novell IFOLDER 3 - ADMINISTRATION Manual

• Disable the Low, Export, and Null cipher suites.
To set these parameters, modify the aliases in the OpenSSL* ciphers command (the SSLCipherSuite
directive) in the /etc/httpd/conf/httpd.conf file.
1 Stop the Apache server: At a terminal console, enter
2 Open the /etc/httpd/conf/httpd.conf file in a text editor, then locate the
3 Modify the plus (+) to a minus (-) in front of the ciphers you want to disable and make sure
4 Save your changes.
5 Start the Apache server: At a terminal console, enter
For more information about configuring strong SSL/TLS security solutions, see
Encryption: How-To (http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html)
site.
9.5.3 Configuring the Web Access Server for SSL
Communications with the Enterprise Server
By default, the iFolder enterprise server is configured to communicate with the iFolder Web Access
server via SSL. For most deployments, this setting should not be changed because iFolder uses
HTTP BASIC for authentication, which means passwords are sent to the server in the clear. If the
iFolder deployment is small and the Web Access server co-exists on the same machine as the iFolder
enterprise server, an Administrator could reconfigure to disable SSL, which would increase the
performance of local communications between the two servers.
The communication between the Web Access server and the iFolder enterprise server is determined
during the YaST configuration of the Web Access server. Specify an https:// in the URL for the
enterprise server for SSL (HTTPS) communications between the servers. Traffic between the two
servers is secure. If you specify an http:// in the URL, HTTP is used for communications between
the servers and traffic is insecure.
The setting is stored in the /opt/novell/ifolder3/webaccess/Web.config file under
the following tag:
If you disable SSL between Web Access server and the enterprise server and if the two servers are
on different machines, you must also disable the iFolder server SSL requirement. Because the
enterprise SSL setting also controls the traffic between the enterprise server and the client, all Web
traffic between servers and between the clients and the enterprise server would be insecure.
100 Novell iFolder 3.x Administration Guide
/etc/init.d/apache2 stop
SSLCipherSuite directive in the Virtual Hosts section:
SSLCipherSuite
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
there is a ! (not) before ADH:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-
eNULL
/etc/init.d/apache2 start
<add key="SimiasUrl" value="https://localhost" />
SSL/TLS Strong
on the Apache.org Web