PerkinElmer Informatics Support Forum
Decrease font size
Increase font size
Topic Title: Can I disable SSLv3 encryption on the Columbus server?
Topic Summary:
Created On: 12/18/2018 12:26 PM
Status Post and Reply
Linear : Threading : Single : Branch
Topic Tools Topic Tools
View topic in raw text format. Print this topic.
 12/18/2018 12:26 PM
User is offline View Users Profile Print this message


NW

Posts: 57
Joined: 5/13/2014

For servers where HTTPS support has been enabled for the Columbus login and webadmin pages its possible to disable SSLv3 encryption and leave only TLSv1 support enabled. To do that users must add a line to the server section of the /usr/local/PerkinElmerCTG/Columbus/webapp/server/config/nginx.tmpl file to specifiy ONLY the supported protocols. See the last line in the excerpt below as an example.

~~~~~~~~~~~~~~~~~~~~~

# https server for /login and /webadmin requests
server {

listen ${https_port} ssl;
ssl_certificate ${https_certificate};
ssl_certificate_key ${https_key};

# turn off SSL encryption
ssl_protocols TLSv1;

...

}

~~~~~~~~~~~~~~~~~~~~~

The Columbus service must be restarted after making the modifications.

$ sudo /etc/init.d/columbus restart

Note: Any modification will be overwritten during the next Columbus update.



Edited: 2/18/2019 at 4:42 AM by NW

FuseTalk Basic Edition v4.0 - © 1999-2019 FuseTalk Inc. All rights reserved.