SSL cipher strength

Use this Forum to post your “How to …” questions about your use of LongReach. This is not a technical support forum. Both the LongReach Support Team at LANSA and other LongReach customers may answer your questions. LANSA cannot guarantee the accuracy of any information posted by customers.
Post Reply
tportho
Posts: 8
Joined: Fri Jan 13, 2012 11:38 pm

SSL cipher strength

Post by tportho » Thu Mar 29, 2012 4:35 am

Is it possible to set the cipher strength that the SSL cert uses? We had an external port scan report that it's currently using the lowest encryption level - I'd hope to improve on that so the report comes back without any complaints... :-)

alick
Posts: 67
Joined: Fri Dec 09, 2011 7:52 am

Re: SSL cipher strength

Post by alick » Thu Mar 29, 2012 1:23 pm

I assume you are using a HTTPS connection from the LongReach app to the LongReach server.
You need to generate your private key and public key/X.509 certificate with a higher key strength.
If you are using LANSA Integer PKIEditor you need to edit the XXXXX.pki.prj file and change the strength property to 2048.

tportho
Posts: 8
Joined: Fri Jan 13, 2012 11:38 pm

Re: SSL cipher strength

Post by tportho » Fri Mar 30, 2012 12:01 am

The certificate wasn't privately created - I'm familiar with setting the cipher strength through apache but not through the Lansa PKI editor

alick
Posts: 67
Joined: Fri Dec 09, 2011 7:52 am

Re: SSL cipher strength

Post by alick » Fri Mar 30, 2012 8:50 am

I think one of the LANSA USA support guys helped you export your keys from IBMi DCM into a .p12 file, and then imported these keys from the .p12 file into a .jks file.
To increase the size of your keys you need to generate new keys.

Post Reply