Specifying which cipher suites are enabled for the Security Server

To specify which cipher suites are enabled for the Security Server

  1. Determine the cipher suites supported for your Java version.
    1. Set your environment variables, ensuring that JAVA_HOME is correctly set in PATH.
    2. At the command line, type

      java -cp <FullPathToGENDIR>/java/thirdParty/sec-client.jar com.lawson.security.encryption.CipherSuites

      - or -

    3. Enable trace logging for the com.lawson.security.encryption package in SecurityLoggerConfiguration.xml (or, if you want to narrow the logging scope further, enable logging for the com.lawson.security.encryption.CipherSuites class).

      For examples of SecurityLoggerConfiguration.xml modifications, see the section "Sample SecurityLoggerConfiguration.xml Modifications".

    4. Restart LASE.
    5. Look for getSupportedCipherSuites in the log. The log will show the configured, supported, and default cipher suites.
  2. Open the lsservice.properties file in LAWDIR/system.
  3. Add a property key named server.default.ciphersuites and set its value to a comma-separated list of cipher suites you want to enable. For example:

    server.default.ciphersuites=TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  4. Save and close the file.
  5. Restart LASE (the Security Server). When you start the Security Server, the secured (HTTPS) port should allow communication using those cipher suites.
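
Before restarting, the server.default.ciphersuites value can be checked against the JVM so that a misspelled or unsupported suite name is caught early. The following is an added example, not code from the product: the class name CipherSuiteCheck is hypothetical, it uses the standard JSSE API rather than the com.lawson.security.encryption.CipherSuites class, and it assumes it is run with the same JAVA_HOME that LASE uses.

```java
import java.io.Reader;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Hypothetical helper (not part of the product): compares the
// server.default.ciphersuites value with what this JVM's JSSE provider offers.
public class CipherSuiteCheck {
    // Constructed sample input, copied from the example value in step 3.
    static final String SAMPLE = "server.default.ciphersuites="
        + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,"
        + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,"
        + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";

    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        // With an argument, read that lsservice.properties; otherwise use SAMPLE.
        try (Reader in = args.length > 0
                ? Files.newBufferedReader(Paths.get(args[0]))
                : new StringReader(SAMPLE)) {
            props.load(in);
        }
        String value = props.getProperty("server.default.ciphersuites");
        if (value == null || value.trim().isEmpty()) {
            System.err.println("server.default.ciphersuites is not set");
            System.exit(2);
        }
        SSLContext ctx = SSLContext.getDefault();
        Set<String> supported = new HashSet<>(
            Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> defaults = new HashSet<>(
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));

        boolean allSupported = true;
        for (String raw : value.split(",")) {
            String suite = raw.trim();          // this checker ignores stray spaces
            if (suite.isEmpty()) continue;      // and empty entries from ",,"
            String status = !supported.contains(suite) ? "NOT SUPPORTED by this JVM"
                : defaults.contains(suite) ? "supported, enabled by default"
                : "supported, not enabled by default";
            if (!supported.contains(suite)) allSupported = false;
            System.out.println(suite + " : " + status);
        }
        System.exit(allSupported ? 0 : 1);      // non-zero: fix the list first
    }
}
```

Compile with javac and run it as `java CipherSuiteCheck LAWDIR/system/lsservice.properties`; an exit status of 1 means at least one listed suite is unknown to this Java version.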