These settings are configured in the Connector elements whose NIDP_Name attribute is "devman" or "connector".
For the list of all default ciphers supported by Access Manager Identity Server, see Section A.1, Default Ciphers for Identity Server.
You can modify this file using Advanced File Configurator. See Advanced File Configurator
in the NetIQ Access Manager Appliance CE 24.2 (v5.1) Administration Guide.
<Connector NIDP_Name="connector"
           SSLEnabled="true"
           URIEncoding="utf-8"
           acceptCount="100"
           address="10.0.0.0"
           ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                    TLS_RSA_WITH_AES_256_CBC_SHA256,
                    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
                    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
                    TLS_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
           clientAuth="false"
           disableUploadTimeout="true"
           enableLookups="false"
           keystoreFile="/opt/novell/devman/jcc/certs/idp/connector.keystore"
           keystorePass="xxxxxxxxxxxxxxx"
           maxThreads="600"
           minSpareThreads="5"
           port="8443"
           scheme="https"
           secure="true"
           sslImplementationName="com.example.nidp.common.util.net.server.NIDPSSLImplementation"
           useServerCipherSuitesOrder="true"
           sslProtocol="TLSv1.2"
           sslEnabledProtocols="SSLv2Hello,TLSv1.1,TLSv1.2" />
For information about connector attributes, see Apache Tomcat Configuration Reference.
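An added example (not from the Access Manager documentation): a Python check that reads Connector elements such as the one above and lists the enabled protocols and cipher suites a reviewer may want to revisit. The review criteria (legacy protocol names, static key exchange, CBC mode) and the function names are assumptions of this example, not NetIQ guidance; the sample input is trimmed from the Connector shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector above, trimmed to its TLS-related attributes.
SAMPLE = '''<Server><Service>
<Connector NIDP_Name="connector" SSLEnabled="true" port="8443"
  ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
           TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
  useServerCipherSuitesOrder="true" sslProtocol="TLSv1.2"
  sslEnabledProtocols="SSLv2Hello,TLSv1.1,TLSv1.2" />
</Service></Server>'''

# Assumed review policy: TLS 1.0/1.1 are deprecated by RFC 8996; SSLv2Hello is a legacy hello format.
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def split_list(value):
    """Split a comma-separated attribute, tolerating spaces and line breaks."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def classify_cipher(name):
    """Return review findings for one JSSE/IANA cipher suite name."""
    findings = []
    if not name.startswith(("TLS_ECDHE_", "TLS_DHE_")):
        findings.append("no forward secrecy (static key exchange)")
    if "_CBC_" in name:
        findings.append("CBC mode (not AEAD)")
    return findings

def audit_connectors(xml_text, nidp_names=("devman", "connector")):
    """Map each matching Connector's NIDP_Name to a list of (item, finding)."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        name = conn.get("NIDP_Name")
        if name not in nidp_names:
            continue
        issues = [(p, "legacy protocol enabled")
                  for p in split_list(conn.get("sslEnabledProtocols"))
                  if p in LEGACY_PROTOCOLS]
        for suite in split_list(conn.get("ciphers")):
            issues += [(suite, finding) for finding in classify_cipher(suite)]
        if conn.get("useServerCipherSuitesOrder") != "true":
            issues.append(("useServerCipherSuitesOrder", "server cipher order not enforced"))
        report[name] = issues
    return report

if __name__ == "__main__":
    for name, issues in audit_connectors(SAMPLE).items():
        for item, finding in issues:
            print(f"{name}: {item}: {finding}")
```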
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
NOTE: You can add these filters at any location in web.xml, as long as that location is not within any existing tag.
You can modify this file using Advanced File Configurator. See Advanced File Configurator
in the NetIQ Access Manager Appliance CE 24.2 (v5.1) Administration Guide.
JAVA_OPTS="${JAVA_OPTS} -Dsun.security.ssl.allowUnsafeRenegotiation=false"
JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.rejectClientInitiatedRenegotiation=true"
JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.ephemeralDHKeySize=2048"
You can modify this file using Advanced File Configurator. See Advanced File Configurator
in the NetIQ Access Manager Appliance CE 24.2 (v5.1) Administration Guide.