Managing iFolder Services 95
novdocx (ENU) 01 February 2006
exchange, while SSL 3.0 supports a choice of key exchange algorithms, including the RC4 and RSA
key exchange, when certificates are used, and Diffie-Hellman key exchange for exchanging keys
without certificates and without prior communication between client and server. SSL 3.0 also
supports certificate chains, which allow certificate messages to contain multiple certificates and
support certificate hierarchies.
8.7.2 Configuring the SSL Cipher Suites for the Apache Server
To restrict connections to SSL 3.0 and to ensure strong encryption, we strongly recommend the
following configuration for the Apache server’s SSL cipher suite settings.
• Use only High and Medium security cipher suites, such as RC4 and RSA.
• Remove from consideration any ciphers that do not authenticate, such as Anonymous Diffie-Hellman (ADH) ciphers.
• Use SSL 3.0, and disable SSL 2.0.
• Disable the Low, Export, and Null cipher suites.
To set these parameters, modify the aliases in the OpenSSL* ciphers command (the SSLCipherSuite
directive) in the /etc/httpd/conf/httpd.conf file.
1. Stop the Apache server: At a terminal console, enter
   /etc/init.d/apache2 stop
2. Open the /etc/httpd/conf/httpd.conf file in a text editor, then locate the SSLCipherSuite directive in the Virtual Hosts section:
   SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+LOW:+SSLv2:+EXP:+eNULL
3. Modify the plus (+) to a minus (-) in front of the ciphers you want to disable and make sure there is a ! (not) before ADH:
   SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL
4. Save your changes.
5. Start the Apache server: At a terminal console, enter
   /etc/init.d/apache2 start
For more information about configuring strong SSL/TLS security solutions, see SSL/TLS Strong
Encryption: How-To (http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html) on the Apache.org Web site.
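The rules in this section can be checked mechanically before Apache is started again. The following shell script is an added example, not part of the Novell guide: it reads a configuration on standard input and flags any active SSLCipherSuite value in which ADH lacks "!" or in which LOW, SSLv2, EXP, or eNULL lack "-" or "!". The function names and the sample configuration are constructed for illustration.

```shell
# Added example (not from the guide): audit SSLCipherSuite values against 8.7.2.

# check_suite STRING: print one finding per line; succeed only if there are none.
check_suite() {
    bad=0
    # ADH must carry "!" so that no later alias in the string can re-add it.
    case ":$1:" in
        *':!ADH:'*) ;;
        *) echo "ADH is not excluded with '!'"; bad=1 ;;
    esac
    # "+" only moves matching ciphers to the end of the list; it removes nothing.
    for name in LOW SSLv2 EXP eNULL; do
        case ":$1:" in
            *":-$name:"* | *":!$name:"*) ;;
            *) echo "$name is not disabled (needs '-' or '!')"; bad=1 ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# audit_conf: read an Apache config on stdin and check every active directive.
audit_conf() {
    status=0
    # Directive names are case-insensitive; commented-out lines do not match.
    for suite in $(awk 'tolower($1) == "sslciphersuite" { print $2 }'); do
        if out=$(check_suite "$suite"); then
            echo "OK   $suite"
        else
            echo "WEAK $suite"
            echo "$out" | sed 's/^/       /'
            status=1
        fi
    done
    return "$status"
}

# Constructed sample input: the values shown in step 2 and step 3 above.
sample_conf() {
    cat <<'EOF'
# constructed: value before the edit (step 2)
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+LOW:+SSLv2:+EXP:+eNULL
# constructed: value after the edit (step 3)
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL
EOF
}

sample_conf | audit_conf || true
```

To audit the real file, run audit_conf with /etc/httpd/conf/httpd.conf redirected to standard input; a nonzero exit status means at least one directive still permits a weak suite.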
8.7.3 Configuring the Enterprise Server for SSL Communications with the LDAP Server
By default, the iFolder enterprise server is configured to communicate via SSL with the LDAP
Server. For most deployments, this setting should not be changed. If the LDAP server is on the same
machine as the enterprise server, communications do not need to be secured with SSL.
1. In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
2. Select LDAP to open the System page to the LDAP tab, then click Modify.