100
Novell iFolder 3.x Administration Guide
no
vd
ocx (
E
NU)
01
F
ebr
ua
ry
200
6
• Disable the Low, Export, and Null cipher suites.
To set these parameters, modify the aliases in the OpenSSL* ciphers command (the SSLCipherSuite
directive) in the
/etc/httpd/conf/httpd.conf
file.
1
Stop the Apache server: At a terminal console, enter
/etc/init.d/apache2 stop
2
Open the
/etc/httpd/conf/httpd.conf
file in a text editor, then locate the
SSLCipherSuite directive in the Virtual Hosts section:
SSLCipherSuite
ALL:!ADH:RC4+RSA:+HIGH:+LOW:+SSLv2:+EXP:+eNULL
3
Modify the plus (
+
) to a minus (
-
) in front of the ciphers you want to disable and make sure
there is a
!
(not) before ADH:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-
eNULL
4
Save your changes.
5
Start the Apache server: At a terminal console, enter
/etc/init.d/apache2 start
For more information about configuring strong SSL/TLS security solutions, see
SSL/TLS Strong
Encryption: How-To (http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html)
on the Apache.org Web
site.
9.5.3 Configuring the Web Access Server for SSL
Communications with the Enterprise Server
By default, the iFolder enterprise server is configured to communicate with the iFolder Web Access
server via SSL. For most deployments, this setting should not be changed because iFolder uses
HTTP BASIC for authentication, which means passwords are sent to the server in the clear. If the
iFolder deployment is small and the Web Access server co-exists on the same machine as the iFolder
enterprise server, an Administrator could reconfigure to disable SSL, which would increase the
performance of local communications between the two servers.
The communication between the Web Access server and the iFolder enterprise server is determined
during the YaST configuration of the Web Access server. Specify an https:// in the URL for the
enterprise server for SSL (HTTPS) communications between the servers. Traffic between the two
servers is secure. If you specify an http:// in the URL, HTTP is used for communications between
the servers and traffic is insecure.
The setting is stored in the
/opt/novell/ifolder3/webaccess/Web.config
file under
the following tag:
<add key="SimiasUrl" value="https://localhost" />
If you disable SSL between Web Access server and the enterprise server and if the two servers are
on different machines, you must also disable the iFolder server SSL requirement. Because the
enterprise SSL setting also controls the traffic between the enterprise server and the client, all Web
traffic between servers and between the clients and the enterprise server would be insecure.
Summary of Contents for IFOLDER 3 - ADMINISTRATION
Page 4: ...novdocx ENU 01 February 2006...
Page 10: ...10 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...
Page 30: ...30 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...
Page 40: ...40 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...
Page 44: ...44 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...
Page 50: ...50 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...
Page 66: ...66 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...
Page 80: ...80 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...
Page 102: ...102 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...
Page 108: ...108 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...
Page 124: ...124 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...
Page 140: ...140 Novell iFolder 3 x Administration Guide novdocx ENU 01 February 2006...