If you are running PingFederate 7.X or older you have SSLv3 enabled. Since SSLv3 is considered insecure I wanted to remove it from our PingFederate systems.
You disable SSLv3 pretty easy by changing the following configuration file:
$INSTALLDIR/pingfederate/etc/jetty-runtime.xml
Search for a line which looks like this:
<New class="com.pingidentity.appserver.jetty.server.connector.ssl.RuntimeSslContextFactory"></New>
It should like this instead:
<New class="com.pingidentity.appserver.jetty.server.connector.ssl.RuntimeSslContextFactory">
<Set name="includeProtocols">
<Array type="java.lang.String">
<Item>TLSv1</Item>
<Item>TLSv1.1</Item>
<Item>TLSv1.2</Item>
</Array>
</Set>
PingFederate 8 and newer have SSLv3 disabled by default.
Inga kommentarer:
Skicka en kommentar