13.1 Restoring Previous Security Settings for Administration Console

13.1.1 Restoring the Previous Protocols Settings

  1. Open the backup server.xml. For location of the backup file, see Backed Up Configuration Files.

  2. Search for the sslProtocol attribute in NIDP_Name="devman" and NIDP_Name="connector" inside the Connector element and copy the attribute values.

  3. Change to the Tomcat configuration directory and open the 4.3 or later server.xml file:

    Linux: /opt/novell/nam/adminconsole/conf

    Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf

  4. Search for the sslProtocol attribute in the NIDP_Name="devman" and NIDP_Name="connector" inside the Connector element. You will see the following value:

    sslProtocol="TLSv1.2" sslEnabledProtocols="SSLv2Hello,TLSv1.1,TLSv1.2"

  5. Replace this attribute value with the previous value that you copied in step 2.

13.1.2 Restoring the Previous Settings of Ciphers for SSL Communication

  1. Open the backup server.xml. For location of the backup file, see Backed Up Configuration Files.

  2. Search for the cipher attribute in NIDP_Name="devman" and NIDP_Name="connector" inside the Connector element and copy the list of ciphers.

  3. Change to the Tomcat configuration directory:

    Linux: /opt/novell/nam/adminconsole/conf

    Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf

  4. Open the server.xml file. Search for the cipher attribute in NIDP_Name="devman" and NIDP_Name="connector" inside the Connector element.

  5. Replace this list of ciphers with the list copied in step 2.

13.1.3 Disabling Perfect Forward Secrecy

  1. Open the backup server.xml. For location of the backup file, see Backed Up Configuration Files.

  2. Search for the cipher attribute in NIDP_Name="devman" and NIDP_Name="connector" inside the <Connectors> element and copy the list of ciphers

  3. Change to the Tomcat configuration directory:

    Linux: /opt/novell/nam/adminconsole/conf

    Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf

  4. Open the server.xml file. Search for the cipher attribute in NIDP_Name="devman" and NIDP_Name="connector" inside the <Connectors> element.

  5. Replace the list of ciphers with the value you copied in step 2.

  6. Remove the useServerCipherSuitesOrder attribute.

13.1.4 Restoring the Previous Size of EDH Keys

Linux:

  1. Open the /opt/novell/nam/adminconsole/conf/tomcat7.conf file.

  2. Remove the following line:

    JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.ephemeralDHKeySize=2048"

Windows:

  1. Navigate to C:\Program Files (x86)\Novell\Tomcat\bin and then double-click tomcat7w.

  2. Under the Java tab, remove the following line in Java Options:

    -Djdk.tls.ephemeralDHKeySize=2048

13.1.5 Removing HTTP Strict Transport Security

  1. Change to the Tomcat configuration directory:

    Linux: /opt/novell/nam/adminconsole/conf/web.xml

    Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf

  2. Open the web.xml file and comment out the httpHeaderSecurity filter definition.

    <filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</
filter-class>
<async-supported>true</async-supported>
</filter>

  3. Comment out the following parameter that sets up an appropriate maximum age value:

    <init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>

  4. Comment out the filter mapping.

    <filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>