Configuring A Cipher Suite To Use For Ssl/Tls; Installing Trusted Roots And Certifications On The Ifolder Server; Installing Server Certificates From A Known Certificate Authority; Using A Shared Certificate In Ifolder Clusters - Novell IFOLDER 3.8 - SECURITY ADMINISTRATION Manual
Hide thumbs
Also See for IFOLDER 3.8 - SECURITY ADMINISTRATION:
- Manual (138 pages) ,
- Deployment manual (64 pages)
Table of Contents
Advertisement
2.6 Configuring a Cipher Suite to Use for SSL/
TLS
To ensure strong encryption, we strongly recommend the following configuration for the Apache
server's SSL cipher suite settings:
Use only High and Medium security cipher suites, such as RC4 and RSA.
Remove from consideration any ciphers that do not authenticate, such as Anonymous Diffie-
Hellman (ADH) ciphers.
Disable the Low, Export, and Null cipher suites unless you need them for other applications.
Do not disable the Low and Export cipher suites if they are required by your customer base.
Individuals using older browsers (4-5 years old) and older versions of Windows*, such as
Windows 98 might still need those cipher suites for other services.
For information, see
"Configuring the SSL Cipher Suites for the Apache
iFolder 3.8 Administration
For information about configuring strong SSL/TLS security solutions, see
Encryption: How-To (http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html)
site.
2.7 Installing Trusted Roots and Certifications on
the iFolder Server
You can manually install the trusted roots and the directory public key out-of-band. For information,
see
"Managing SSL Certificates for
2.8 Installing Server Certificates from a Known
Certificate Authority
You should use valid certificates for both the Apache server and for communication between the
Simias server and the Simias client daemon. Simias is the technology underpinning your iFolder
server and client software. You should have the server public key signed by a known certificate
authority (CA). For information, see
iFolder 3.8 Administration
2.9 Using a Shared Certificate in iFolder Clusters
For a cluster where all of the nodes are acting like the same machine when they are taking their turn
hosting, the user should have a single certificate for the highly available IP address that all of the
nodes in the cluster share. For information, see
on an iFolder
Server" in the
Guide.
Apache" in the
Novell iFolder 3.8 Administration
"Generating an SSL Certificate for the
Guide.
"Configuring Apache to Point to an SSL Certificate
Novell iFolder 3.8 Administration
Security Best Practices for Novell iFolder 3.7 and Later Versions
Server" in the
Novell
SSL/TLS Strong
on the Apache.org Web
Guide.
Server" in the
Guide.
Novell
13
Advertisement
Chapters
Table of Contents
