km0082764

Cipher List for bb-config.properties

Discussion created by km0082764 on Oct 7, 2019
Latest reply on Oct 10, 2019 by km0082764

Hey there team/fellow BB administrators,

 

I'm fairly new to the realm of BB support and am just learning the ropes, but I have been tasked with finding a more secure cipher list for our test environment before propagating the changes to our live environment. The BB article relative to this is quite dated, so I am looking for something more current.

 

I do have an open ticket with BB support regarding this, but was curious if you have had any success creating a more secure BB environment. 

 

 

The current value I have is as follows - if you have had any success with your own environment using a more secure set I'd love to hear it . :

bbconfig.appserver.https.ciphers=TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

bbconfig.appserver.https.protocols=TLSv1,TLSv1.1,TLSv1.2
bbconfig.appserver.https.protocols.server=+TLSv1,+TLSv1.1,+TLSv1.2

Outcomes