2.8.1 server.xml

These settings are configured on the Connector elements whose NIDP_Name attribute is "devman" and "connector".

For the list of all default ciphers supported by Access Manager Administration Console, see Section A.2, Default Ciphers for Administration Console.

<Connector NIDP_Name="connector" SSLEnabled="true" URIEncoding="utf-8"
    acceptCount="100" address="10.0.0.0"
    ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
             TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
             TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
             TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
             TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,
             TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
    clientAuth="false" disableUploadTimeout="true" enableLookups="false"
    keystoreFile="/opt/novell/devman/jcc/certs/idp/connector.keystore"
    keystorePass="xxxxxxxxxxxxxxx"
    maxThreads="200" minSpareThreads="5" port="8443" scheme="https" secure="true"
    sslImplementationName="com.novell.socket.DevManSSLImplementation"
    useServerCipherSuitesOrder="true" sslProtocol="TLSv1.2"
    sslEnabledProtocols="SSLv2Hello,TLSv1.1,TLSv1.2" />

For more information about connector attributes, see Apache Tomcat Configuration Reference.

You can modify this file using Advanced File Configurator. See Advanced File Configurator in the NetIQ Access Manager Appliance 5.0 Administration Guide.

NOTE: When you install Access Manager 5.0 and the value of sslProtocol is TLS instead of TLSv1.2, change the value from TLS to TLSv1.2.

IMPORTANT: Access Manager supports and recommends TLSv1.2. You can reconfigure to use earlier versions of TLS if required. However, because of cipher block chaining (CBC), using TLSv1.0 or earlier makes the environment vulnerable to the BEAST attack. This attack exploits the vulnerability on the client side. TLS 1.1, TLS 1.2, and cipher suites that do not use CBC mode are not vulnerable to this attack.

Access Manager supports and enforces TLSv1.2 for all ports.
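The following is an added example, not NetIQ's own tooling, that audits the Connector settings discussed in this section: it parses a server.xml, and for every SSL-enabled Connector reports an sslProtocol other than TLSv1.2, legacy entries in sslEnabledProtocols, CBC cipher suites offered while TLSv1.0 or SSLv3 is enabled (the BEAST condition described above), and a missing useServerCipherSuitesOrder. The embedded server.xml is a constructed sample modelled on the snippet above; ports, NIDP_Name values and cipher lists are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the snippet on this page; values are placeholders.
SAMPLE_SERVER_XML = """<Server><Service>
  <Connector NIDP_Name="connector" SSLEnabled="true" port="8443"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256"
    useServerCipherSuitesOrder="true" sslProtocol="TLS"
    sslEnabledProtocols="SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2" />
  <Connector NIDP_Name="devman" SSLEnabled="true" port="2443"
    ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256"
    useServerCipherSuitesOrder="true" sslProtocol="TLSv1.2"
    sslEnabledProtocols="TLSv1.2" />
</Service></Server>"""

def _csv(value):
    """Split a comma-separated attribute value, dropping whitespace and empties."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def audit_connector(conn):
    """Return human-readable findings for one SSL-enabled Connector element."""
    name = conn.get("NIDP_Name") or conn.get("port") or "?"
    findings = []
    # The NOTE on this page: sslProtocol must read TLSv1.2, not the generic TLS.
    if conn.get("sslProtocol") != "TLSv1.2":
        findings.append(f"{name}: sslProtocol is {conn.get('sslProtocol')!r}, expected 'TLSv1.2'")
    enabled = _csv(conn.get("sslEnabledProtocols"))
    legacy = [p for p in enabled if p != "TLSv1.2"]
    if legacy:
        findings.append(f"{name}: protocols other than TLSv1.2 enabled: {', '.join(legacy)}")
    # BEAST exposure as described on the page: CBC suites combined with TLSv1.0 or older.
    cbc = [c for c in _csv(conn.get("ciphers")) if "_CBC_" in c]
    if cbc and any(p in ("TLSv1", "SSLv3") for p in enabled):
        findings.append(f"{name}: CBC suites offered with TLSv1.0/SSLv3 enabled (BEAST): {', '.join(cbc)}")
    # With server order off, the client picks the suite from the offered list.
    if (conn.get("useServerCipherSuitesOrder") or "").lower() != "true":
        findings.append(f"{name}: useServerCipherSuitesOrder is not true")
    return findings

def audit_server_xml(xml_text):
    """Audit every SSL-enabled Connector in a server.xml document."""
    root = ET.fromstring(xml_text)
    return [f for conn in root.iter("Connector")
            if (conn.get("SSLEnabled") or "").lower() == "true"
            for f in audit_connector(conn)]

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(finding)
```

Run it against the real /opt/novell file path only after copying the file, since the audit reads attributes only and never needs the keystore password.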