Configuring security for Infrastructure Management Server
Set SSL/TLS cipher suites and transport protocols
To override the default list of cipher suites and transport protocols, set the properties ims.tls.transport-protocols and ims.tls.cipher-suites in the IMS configuration file <safeq_folder>/Management/ims/application.properties. The following values are the defaults.
ims.tls.transport-protocols=TLSv1,TLSv1.1,TLSv1.2
ims.tls.cipher-suites=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384
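Before overriding these lists it helps to see which entries are worth dropping. The script below is an added example, not part of the product or its documentation: it reads the two ims.tls.* properties and reports protocols deprecated by RFC 8996 and suites that lack forward secrecy or use CBC mode. The function names and the SAMPLE text are assumptions made for the illustration.

```python
import sys

# TLS 1.0 and 1.1 are formally deprecated (RFC 8996); SSLv3 by RFC 7568.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: the page's default protocols and a subset of its default suites.
SAMPLE = """\
ims.tls.transport-protocols=TLSv1,TLSv1.1,TLSv1.2
ims.tls.cipher-suites=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384
"""


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def suite_issues(name):
    """Weaknesses readable from an IANA-style suite name (TLS 1.2 and earlier)."""
    issues = []
    kx = name.split("_WITH_")[0] if "_WITH_" in name else ""
    if kx and not kx.startswith(("TLS_DHE_", "TLS_ECDHE_")):
        issues.append("no forward secrecy")
    if "_CBC_" in name:
        issues.append("CBC mode (non-AEAD)")
    return issues


def audit(text):
    """Return flagged entries plus the protocol and suite lists with them removed."""
    props = parse_properties(text)
    protocols = split_list(props.get("ims.tls.transport-protocols", ""))
    suites = split_list(props.get("ims.tls.cipher-suites", ""))
    findings = [(p, ["deprecated protocol"]) for p in protocols if p in LEGACY_PROTOCOLS]
    findings += [(s, suite_issues(s)) for s in suites if suite_issues(s)]
    return {"findings": findings,
            "protocols": [p for p in protocols if p not in LEGACY_PROTOCOLS],
            "suites": [s for s in suites if not suite_issues(s)]}


if __name__ == "__main__":
    # Pass the path to application.properties, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    report = audit(text)
    for name, issues in report["findings"]:
        print(f"{name}: {', '.join(issues)}")
    print("ims.tls.transport-protocols=" + ",".join(report["protocols"]))
    print("ims.tls.cipher-suites=" + ",".join(report["suites"]))
```

Confirm that every client connecting to IMS supports the remaining protocols and suites before writing the narrowed lists back to application.properties.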
Database password encryption
To encrypt the IMS database password stored in the file <install_dir>/Management/ims/application.properties, the following configuration options must be present:
dataProtection.enableEncryption = true
dataProtection.pathToKey = <path to key file>
Note that <path to key file> should be an absolute file path, e.g. c:/encryption_secure_location/encryption.key
For information about creating and managing the dataProtection attributes, as well as the full list of supported configuration options, please refer to Enhanced Password Protection.