SSL: Exclude Cipher

How to: exclude some ciphers of your choice.

  • Stop EveryonePrint Web service (and/or Gateway service)
  • Make a backup copy of the XML files before editing
  • Edit the config files as needed
    1. For the main server: in directory .../etc, files jetty-ssl.xml and jetty-ssl-terminalapi.xml
      <Set name="ExcludeCipherSuites">
        <Array type="java.lang.String">
          <Item>SSL_RSA_WITH_RC4_128_MD5</Item>
          <Item>SSL_RSA_WITH_RC4_128_SHA</Item>
          <Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
          <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
          <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
          <Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
        </Array>
      </Set>
    2. For the Mobile Gateway: in directory .../etc, file defaults.xml
      <entry key="ExcludedCipherSuites">SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</entry>

    Add the ciphers you want to exclude.

    Note: use the RFC cipher name, not the OpenSSL name, as per this table (OpenSSL RFC Mapping):

    OpenSSL name             RFC name
    ECDHE-RSA-DES-CBC3-SHA   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    ADH-DES-CBC3-SHA         TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
    AECDH-DES-CBC3-SHA       TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  • Restart the services