Open the backup server.xml. For location of the backup file, see Backed Up Configuration Files.
Search for the sslProtocol attribute and copy the attribute value.
Change to the Tomcat configuration directory:
Linux: /opt/novell/nam/idp/conf
Open the 4.3 server.xml file.
Search for the sslProtocol attribute. You will see the following value:
sslProtocol="TLSv1.2" sslEnabledProtocols="SSLv2Hello,TLSv1.1,TLSv1.2"
Replace this attribute value with the previous value that you copied.
Open the backup server.xml. For location of the backup file, see Backed Up Configuration Files.
Search for the cipher attribute in NIDP_Name="connector" inside the <Connectors> element and copy the list of ciphers.
Using command prompt, change to the Tomcat configuration directory:
Linux: /opt/novell/nam/idp/conf
Open the 4.3 server.xml file.
Search for the cipher attribute in NIDP_Name="connector" inside the <Connector> element.
Replace this list of ciphers with the list copied in step 2.
(Conditional) If you have multiple Identity Servers in your cluster configuration, repeat these steps on each Identity Server.
Open the backed up server.xml. For location of the backup file, see Backed Up Configuration Files.
Search for the cipher attribute in NIDP_Name="connector" inside the <Connectors> element and copy the list of ciphers
Using command prompt, change to the Tomcat configuration directory /opt/novell/nam/idp/conf:
Open the server.xml file. Search for the cipher attribute in NIDP_Name="connector" inside the <Connectors> element.
Replace the list of ciphers with the value you copied in step 2.
Open the /opt/novell/nam/idp/conf/tomcat.conf file.
Remove the following line:
JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.ephemeralDHKeySize=2048"
Change to the Tomcat configuration directory:
/opt/novell/nam/idp/conf/web.xml
Open the web.xml file and comment out the httpHeaderSecurity filter definition.
<filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <async-supported>true</async-supported> </filter>
Comment out the hstsMaxAgeSeconds parameter:
<init-param> <param-name>hstsMaxAgeSeconds</param-name> <param-value>31536000</param-value> </init-param>
Comment out the filter mapping.
<filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping>
In the /opt/novell/nids/lib/webapp/WEB-INF/web.xml file, comment out the following tomcat filter configuration:
<filter> <filter-name>TomcatSameOriginFilter</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingOption</param-name> <param-value>SAMEORIGIN</param-value> </init-param> </filter> <filter-mapping> <filter-name>TomcatSameOriginFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Restart Identity Server by running /etc/init.d/novell-idp restart.