How to enhance SSL security level on AhsayCBS
June 4, 2025
Product Version
AhsayCBS: 7.3 - 7.17.x
Operating System
All Platforms
Description
This article explains how to configure a higher level of SSL security for AhsayCBS.
We strongly recommend upgrading to the latest AhsayCBS and AhsayOBM release (v9.15.0.0, as of 2025/May/15) for improved performance, compatibility, and security.
Contact us to confirm your license is valid to upgrade.
Solution
To disable all weak cipher suites on AhsayCBS:
- Edit the server.xml file found under ${Install-Home}\conf
Open 'server.xml' with a text editor:
server.xml
...
<Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" maxKeepAliveRequests="1000" disableUploadTimeout="true" ...
        redirectPort="443" minSpareThreads="50" maxThreads="2000" acceptCount="200" ...
        connectionTimeout="120000" address="0.0.0.0" socketBuffer="16384" />
    <Connector port="443" SSLCipherSuite="HIGH:!aNULL:!MD5" protocol="HTTP/1.1" ...
    ...
    ...
Update the SSLCipherSuite parameter with:
SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:EDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
server.xml
...
<Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" maxKeepAliveRequests="1000" disableUploadTimeout="true" ...
        redirectPort="443" minSpareThreads="50" maxThreads="2000" acceptCount="200" ...
        connectionTimeout="120000" address="0.0.0.0" socketBuffer="16384" />
    <Connector port="443"
SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:EDH+AESGCM:
ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:
DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
        protocol="HTTP/1.1" ...
    ...
    ...
- Save and exit from the text editor.
- Restart the AhsayCBS service.
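To confirm the edit before restarting, the check below parses a server.xml and reports, per SSL connector, which of the article's exclusions are missing and which entries fall outside the recommended list. It is an added example, not Ahsay tooling: the function names, the sample server.xml and the port 8443 connector are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Cipher string recommended in this article, wrapped for readability.
RECOMMENDED = """
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:EDH+AESGCM:
ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:
DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
"""

def tokens(value):
    """Split a cipher string on ':', ',' or whitespace (covers wrapped attributes)."""
    return [t for t in re.split(r"[:,\s]+", value) if t]

def audit_server_xml(xml_text):
    """Return {port: findings} for every Connector that sets SSLCipherSuite."""
    allowed = set(tokens(RECOMMENDED))
    required = {t for t in allowed if t.startswith("!")}  # the "!" exclusions
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        value = conn.get("SSLCipherSuite")
        if value is None:
            continue  # connector without a cipher setting, e.g. plain HTTP on port 80
        found = tokens(value)
        report[conn.get("port")] = {
            "missing_exclusions": sorted(required - set(found)),
            "not_in_article_list": [t for t in found if t not in allowed],
        }
    return report

# Constructed sample: port 443 still has the old value shown in the article,
# port 8443 (hypothetical) carries the recommended string wrapped across lines.
SAMPLE = f"""<Server>
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
    <Connector port="443" SSLCipherSuite="HIGH:!aNULL:!MD5" protocol="HTTP/1.1" />
    <Connector port="8443" SSLCipherSuite="{RECOMMENDED}" protocol="HTTP/1.1" />
  </Service>
</Server>"""

if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE).items():
        print(port, findings)
```

A connector is in the recommended state when both lists are empty. To check a live installation, pass the contents of the server.xml under ${Install-Home}\conf to audit_server_xml().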