Cisco Support Community

Disabling Weak Ciphers and SSL v2 on WCS


We are running a WCS appliance (upgraded from WLSE) v4.2.62.0.

This is running a Linux distro and I have found a reference to a file called ssl.conf from within httpd.conf for the SSL settings.

Within this file is the cipher setup string, which includes LOW and SSLv2. I have tried removing this reference, as well as adding a ! before each statement (apparently killing this option).

When I reboot the device I check the SSL.CONF file and it remains as is. I then scan the appliance and get a report back about weak ciphers, and when I next check the SSL.CONF file it has "magically" reverted back to the original file.

So does anyone know HOW I can modify this? I have tried making the file read-only which doesn't help.




Re: Disabling Weak Ciphers and SSL v2 on WCS

You can place the WCS appliance behind an Apache server and use the Apache proxy function to set the SSL cipher level. I know this is a roundabout way of doing it, but it provides for more control, security and customization.


Re: Disabling Weak Ciphers and SSL v2 on WCS

Well I have partially got around this now.

Inside the relevant folders there is a backup folder. By copying the changes into the file in this folder it seems to work. So from what I can fathom, upon boot and service start the files are copied from the backup folder and these are the ones used for the service.

The only problem is I now need MOD_REWRITE to disable Track/Trace, but the WCS didn't have this compiled.

I wish Cisco would harden their servers (well, appliances really) more, or at least give the administrators a way to lock these down.
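
The reverse-proxy approach from the first reply, combined with the TRACE restriction the last post asks for, could look like the following on a separate front-end Apache. This is an added example, not configuration from the thread or from Cisco. It assumes an Apache 2.2 or later front end with mod_ssl, mod_proxy and mod_proxy_http loaded; the hostnames, certificate paths and the "weak" cipher string are constructed placeholders.

```apache
# Added example: front-end Apache terminating TLS in front of the WCS appliance.
# Hostnames and file paths below are placeholders, not values from the thread.
<VirtualHost *:443>
    ServerName wcs-proxy.example.internal

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/wcs-proxy.example.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wcs-proxy.example.key

    # Weak (constructed sample of the kind of string a scanner flags).
    # "ALL" already contains the LOW, EXP and SSLv2 suites; the "+" prefix
    # only moves them to the end of the list, so deleting "+LOW:+SSLv2"
    # from such a string does not disable them.
    #   SSLProtocol all
    #   SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

    # Hardened: "-SSLv2" turns the protocol off, and "!" removes a cipher
    # group permanently so that no later token can add it back.
    # Current deployments would restrict protocols and ciphers further.
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!LOW:!EXP:!aNULL:!eNULL:!SSLv2
    SSLHonorCipherOrder on

    # Forward requests to the appliance over HTTPS; never act as an open proxy.
    SSLProxyEngine on
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / https://wcs.example.internal/
    ProxyPassReverse / https://wcs.example.internal/
</VirtualHost>

# Core directive (Apache 1.3.34 / 2.0.55 and later): rejects TRACE requests
# without needing mod_rewrite.
TraceEnable off
```

A scan pointed at the appliance's own address will still report the weak ciphers unless direct access to it is restricted to the proxy. Run `apachectl configtest` on the front end before restarting, then re-scan through the proxy hostname.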
