Specifying security ciphers for the Configuration Tool server connections

You can specify security ciphers for the Configuration Tool server connections. This step is optional, if you do not need to specify security ciphers, you can skip this step.

About this task

By default, the security ciphers that the Configuration Tool server supports depends on the underlying JRE that is used. You can check the JRE for valid ciphers. For more information, see Cipher suites.

Note: It is a best practice to use the latest and securest TLS ciphers in Java™, and avoid using deprecated TLS ciphers.

To specify security ciphers for the Configuration Tool server connections, indicate the ciphers in an editable file called the server_override.xml file. The override file is read at the initialization of the Configuration Tool server, and the values override default values for the Configuration Tool configuration properties.

Procedure

To specify security ciphers for the Configuration Tool server connections, complete the following steps:

Create an override file that is named server_override.xml in config_tool_server_install_dir/servers/cdp_ui_server.
Set the permissions to 755 for the server_override.xml in config_tool_server_install_dir/servers/cdp_ui_server. For example,
```
chmod 755 config_tool_server_install_dir/servers/cdp_ui_server/server_override.xml
```

Add the following statements to the server_override.xml file.

<server>         
  <ssl id="DefaultSSLSettings" enabledCiphers="<cipher_1> <cipher_2> … <cipher_n>"/>
</server>

Replace <cipher_1> <cipher_2> … <cipher_n> with a list of ciphers, and separate each cipher with a space. In the following example, two ciphers are specified.
```
<server>         
  <ssl id="DefaultSSLSettings" enabledCiphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>
</server>
```
Restart the Configuration Tool server.
As a result, you can only use the ciphers that you specify in the server_override.xml file for the Configuration Tool server connections.