12.3 Restoring Previous Security Settings for Access Gateway

12.3.1 Restoring the Previous Protocol Settings between Browsers and Access Gateway

  1. In the nambkup folder, open the NovellAGSettings.conf file from the mag <time stamp of upgrade>/conf folder.

  2. Search for SSL Protocol and copy the value associated with it.

  3. Click Devices > Access Gateways > Edit > Advanced Options and replace the following configuration with the value copied in NovellAGSettings.conf in step 2:

    SSLProtocol TLSv1.1 +TLSv1.2

12.3.2 Restoring the Previous Ciphers Settings between Browsers and Access Gateway

  1. In the nambkup folder, open the NovellAGSettings.conf file from the mag <time stamp of upgrade>/conf folder.

  2. Search for SSL and copy the value

  3. Click Devices > Access Gateways > Edit > Advanced Options and replace the following configuration with the value copied in NovellAGSettings.conf in step 2:

    SSLCipherSuite !aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:ALL:!EDH

    If NovellAGSettings.conf does not contain this line, delete this line in Access Gateway Advanced Options.

12.3.3 Removing the Clickjacking Filter

  1. In the /opt/novell/nesp/lib/webapp/WEB-INF/web.xml file, comment out the following tomcat filter configuration:

    <filter>
        <filter-name>TomcatSameOriginFilter</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>TomcatSameOriginFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
  2. Restart ESP by running the following command:

    Linux: /etc/init.d/novell-mag restart OR rcnovell-mag restart

    Windows: net stop Tomcat8

    net start Tocmat8

    NOTE:You can also restart ESP through Administration Console. Select the cluster node > Action > Service Provider > Restart Service Provider.

12.3.4 Removing HTTP Strict Transport Security

  1. Click Devices > Access Gateways > Edit > Advanced Options.

  2. Set the SetStrictTransportSecurity option to off.

  3. Restart Apache.

    Linux: /etc/init.d/novell-apache2 restart OR rcnovell-apache2 restart

    Windows: net stop apache2.2

    net start apache2.2