Hello,
In this article, we will configure the PMP product to accept only TLSv1.2.
First, stop the PMP service and take a folder backup or a snapshot of the server. Changes will be made to 3 different files: server.xml, gateway.conf and postgres_ext.conf.
- The server.xml file is in <PMP-Home>\conf. Open the file, search for sslProtocol and change "TLS" to "TLSv1.2" (sslProtocol="TLSv1.2"). Then search for "ciphers=" and change the expression to the ones in the link below.
Repeat the same steps for the other connectors that use port 7070. Finally, save and close.
- The gateway.conf file is in <PMP_Installation_Directory>\conf. Open the file and search for sslProtocols=TLSv1,TLSv1.1,TLSv1.2. Change this expression to sslProtocols=TLSv1.2. Then search for "cipherSuites=" and replace it with the following.
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- The postgres_ext.conf file is in <PMP_Installation_Directory>/pgsql/ext_conf. Open the file and add the following ciphers to the bottom of the file.
ssl_ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'
ssl_prefer_server_ciphers = true
Save the file and start the service. After the service starts, do not forget to perform your RDP tests.
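A post-edit check for the three files, as an added example that is not part of the original article or of PMP itself: it flags connectors and gateway entries that still allow anything other than TLSv1.2, and ssl_ciphers entries broken by stray whitespace from copy and paste. The function names, port 8443 and the sample file contents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

def parse_conf(text):
    """Parse key=value lines (gateway.conf, postgres_ext.conf); skip # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip("'\"")
    return conf

def audit_server_xml(text):
    """Flag every <Connector> whose sslProtocol is not exactly TLSv1.2."""
    findings = []
    for conn in ET.fromstring(text).iter("Connector"):
        proto = conn.get("sslProtocol")
        if proto is not None and proto != "TLSv1.2":
            findings.append(f"server.xml port {conn.get('port')}: sslProtocol={proto!r}")
    return findings

def audit_gateway(text):
    """Flag every sslProtocols entry other than TLSv1.2 (or a missing setting)."""
    protos = [p.strip() for p in parse_conf(text).get("sslProtocols", "").split(",")]
    return [f"gateway.conf: sslProtocols entry {p!r} is not TLSv1.2"
            for p in protos if p != "TLSv1.2"]

def audit_postgres(text):
    """Flag cipher entries broken by whitespace and a missing server preference."""
    conf, findings = parse_conf(text), []
    for entry in conf.get("ssl_ciphers", "").split(":"):
        if not entry or re.search(r"\s", entry):
            findings.append(f"postgres_ext.conf: malformed ssl_ciphers entry {entry!r}")
    if conf.get("ssl_prefer_server_ciphers", "").lower() not in ("true", "on", "yes", "1"):
        findings.append("postgres_ext.conf: ssl_prefer_server_ciphers is not enabled")
    return findings

# Constructed sample inputs (not taken from a real installation).
SERVER_XML = """<Server><Service>
  <Connector port="8443" sslProtocol="TLSv1.2"/>
  <Connector port="7070" sslProtocol="TLS"/>
</Service></Server>"""
GATEWAY_CONF = "sslProtocols=TLSv1,TLSv1.1,TLSv1.2\n"
POSTGRES_CONF = ("ssl_ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GC M-SHA384:!aNULL'\n"
                 "ssl_prefer_server_ciphers = true\n")

if __name__ == "__main__":
    findings = audit_server_xml(SERVER_XML) + audit_gateway(GATEWAY_CONF) + audit_postgres(POSTGRES_CONF)
    print("\n".join(findings))
```

An empty list from all three functions means the edited files match the settings described above; any finding points at the file and value to correct before starting the service.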