In the nambkup folder, open the NovellAGSettings.conf file from the mag <time stamp of upgrade>/conf folder.
Search for SSL Protocol and copy the value associated with it.
Click Devices > Access Gateways > Edit > Advanced Options and replace the following configuration with the value copied in NovellAGSettings.conf in step 2:
SSLProtocol TLSv1.1 +TLSv1.2
In the nambkup folder, open the NovellAGSettings.conf file from the mag <time stamp of upgrade>/conf folder.
Search for SSL and copy the value
Click Devices > Access Gateways > Edit > Advanced Options and replace the following configuration with the value copied in NovellAGSettings.conf in step 2:
SSLCipherSuite !aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:ALL:!EDH
If NovellAGSettings.conf does not contain this line, delete this line in Access Gateway Advanced Options.
In the /opt/novell/nesp/lib/webapp/WEB-INF/web.xml file, comment out the following tomcat filter configuration:
<filter> <filter-name>TomcatSameOriginFilter</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingOption</param-name> <param-value>SAMEORIGIN</param-value> </init-param> </filter> <filter-mapping> <filter-name>TomcatSameOriginFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Restart ESP by running the following command:
Linux: /etc/init.d/novell-mag restart OR rcnovell-mag restart
Windows: net stop Tomcat8
net start Tocmat8
NOTE:You can also restart ESP through Administration Console. Select the cluster node > Action > Service Provider > Restart Service Provider.
You need to perform the following two actions to disable the HTTP Strict Transport Security setting:
Set the SetStrictTransportSecurity option to off.
Disable the httpHeaderSecurity filter definition in ESP web.xml.
Setting SetStrictTransportSecurity to off
Click Devices > Access Gateways > Edit > Advanced Options.
Set the following option:
SetStrictTransportSecurity off
Restart Apache.
Linux: /etc/init.d/novell-apache2 restart OR rcnovell-apache2 restart
Windows: net stop apache2.2
net start apache2.2
Disabling httpHeaderSecurity in ESP web.xml
Change to the Tomcat configuration directory:
Linux: /opt/novell/nam/mag/webapps/nesp/WEB-INF/web.xml
Windows Server: \Program Files\Novell\Tomcat\webapps\nesp\WEB-INF\WEB-INF\web.xml
Open the web.xml file and comment out the httpHeaderSecurity filter definition.
<filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <async-supported>true</async-supported> </filter>
Comment out the hstsMaxAgeSeconds parameter:
<init-param> <param-name>hstsMaxAgeSeconds</param-name> <param-value>31536000</param-value> </init-param>
Comment out the filter mapping.
<filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping>