This article describes how to enable SSL/TLS support in BoKS Reporting Manager and how to restrict the protocols for the connection.

 

See http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html for how to set up an SSL connection in Tomcat. The instructions explain how to create or import a certificate and how to configure the SSL/TLS connection.

 

It is recommended to specify the allowed SSL/TLS protocols explicitly, so that less secure protocols cannot be used in the negotiation (known as the POODLE issue).

 

Note that enabling TLSv1.1 and TLSv1.2 requires JRE version 7 or later. BoKS Reporting Manager 6.7 includes JRE 6, where only TLSv1.0 is available. See the article "Instructions for upgrading the Java Runtime (JRE) for BoKS Reporting Manager".

 

It is also possible to set the allowed ciphers for the connection.

 

See http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider for the ciphers and protocols available in different JREs.

Example configuration in server.xml where only the TLSv1.1 and TLSv1.2 protocols are allowed and where only cipher suites with a key length of at least 128 bits are allowed:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" protocols="TLSv1.1, TLSv1.2"
           ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"
           keystoreFile="conf/.keystore" />
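To confirm after an edit or an upgrade that every SSL-enabled connector in server.xml still carries the restriction described above, the file can be audited offline. The following is an added example, not part of BoKS Reporting Manager or Tomcat: it treats TLSv1.1 and TLSv1.2 as the only allowed protocols (as in the article's example), and the sample file, the ports 9443 and 10443, and the list of weak-suite name fragments are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Policy taken from the article's example: only these protocols may be offered.
ALLOWED_PROTOCOLS = {"TLSv1.1", "TLSv1.2"}
# Name fragments of JSSE suites with no encryption or keys shorter than 128 bits.
WEAK_MARKERS = ("_NULL_", "_EXPORT_", "_DES_CBC_", "_DES40_", "_RC4_40_", "_RC2_CBC_40_")

# Constructed sample: port 8443 follows the article, ports 9443 and 10443 do not.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" sslProtocol="TLS" protocols="TLSv1.1, TLSv1.2"
             ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA" />
  <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" sslProtocol="TLS" protocols="SSLv3, TLSv1, TLSv1.2"
             ciphers="TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA" />
  <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" />
</Service></Server>"""


def split_list(value):
    """Split a comma-separated attribute value, tolerating spaces and a missing attribute."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_connectors(server_xml_text):
    """Return (port, finding) tuples for every SSL-enabled Connector element."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # connectors without SSL are out of scope for this check
        port = conn.get("port", "?")
        protocols = split_list(conn.get("protocols"))
        ciphers = split_list(conn.get("ciphers"))
        if not protocols:
            findings.append((port, "protocols not set, JRE defaults apply"))
        if not ciphers:
            findings.append((port, "ciphers not set, JRE defaults apply"))
        for name in protocols:
            if name not in ALLOWED_PROTOCOLS:
                findings.append((port, "protocol not allowed: " + name))
        for name in ciphers:
            if any(marker in name for marker in WEAK_MARKERS):
                findings.append((port, "weak cipher suite: " + name))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print("port %s: %s" % (port, finding))
```

An empty result means every SSL-enabled connector names its protocols and ciphers explicitly and none of them falls outside the policy; to check a real installation, pass the contents of its server.xml to audit_connectors.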


Last Modified On: May 30, 2018