KB Article #168567

Disabling SSLv2 & Using Custom Cipher Lists

Problem

* A customer wants to increase the security of the API Server HTTPS interfaces by disallowing the use of SSLv2 or customizing the ciphers used by the API Server.

Resolution

In Policy Studio, expand Listeners, then find the port that is receiving SSL traffic.  Click on that port, click Edit, go to the "Advanced (SSL)" tab, then change the ciphers from DEFAULT to HIGH:!SSLv2 or to a custom cipher list.  For more information on cipher lists, please consult the OpenSSL documentation.

The Node Manager's default administration port (8090) also uses SSL and is configurable, but you must use Policy Studio to edit the Node Manager's configuration in order to change it.  We advise making a backup before you edit the Node Manager's configuration.  Open Policy Studio, then click on the "open file" option on the left.  Now open the Node Manager configuration file:  [install directory]/apiserver/conf/fed/configs.xml

Next, expand Listeners | Node Manager | Management Services | Ports and edit the Management HTTPS Interface port.  Go to the "Advanced (SSL)" tab and change the ciphers from DEFAULT to HIGH:!SSLv2 or a custom cipher list, just like before.  If Policy Studio is not on the same machine as the node manager, you have to copy the entire fed directory to the system with Policy Studio, make your changes as described, then copy it back.
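Before pasting a custom cipher list into Policy Studio, it is worth expanding it against the same OpenSSL library the server links to and checking what it actually selects. The script below is an added example, not part of this KB article and not Axway tooling; it uses Python's standard ssl module to expand a cipher string the way `openssl ciphers -v` does and reports suites a defender wants to see absent (key strength below 128 bits, or anonymous suites with no server authentication). One caveat worth knowing: HIGH restricts key strength but does not by itself exclude anonymous (aNULL) suites, so the audit compares HIGH:!SSLv2 with HIGH:!aNULL:!SSLv2.

```python
"""Audit an OpenSSL cipher-list string with Python's ssl module.

Added example (not the KB article's or Axway's own code): expands a cipher
string such as "HIGH:!SSLv2" against the local OpenSSL library and summarises
what a hardened HTTPS listener should not be offering.
"""
import ssl


def expand_cipher_list(spec):
    """Return the cipher suites OpenSSL selects for `spec`, as dicts.

    Raises ssl.SSLError when nothing matches, which is how a typo in a custom
    cipher list would fail on the server as well.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(spec)
    # Each dict carries name, protocol, description, strength_bits, ...
    return ctx.get_ciphers()


def audit_cipher_list(spec, min_bits=128):
    """Summarise weaknesses in the expanded list for `spec`.

    weak:      suites whose key strength is below min_bits
    anonymous: suites with no server authentication (OpenSSL prints Au=None)
    """
    suites = expand_cipher_list(spec)
    return {
        "count": len(suites),
        "names": [c["name"] for c in suites],
        "weak": [c["name"] for c in suites if c["strength_bits"] < min_bits],
        "anonymous": [c["name"] for c in suites if "Au=None" in c["description"]],
    }


def is_valid_cipher_list(spec):
    """True if OpenSSL accepts `spec` and selects at least one suite."""
    try:
        expand_cipher_list(spec)
        return True
    except ssl.SSLError:
        return False


if __name__ == "__main__":
    for spec in ("DEFAULT", "HIGH:!SSLv2", "HIGH:!aNULL:!SSLv2"):
        report = audit_cipher_list(spec)
        print(f"{spec}: {report['count']} suites, "
              f"weak={report['weak']}, anonymous={report['anonymous']}")
```

The protocol field in each dict shows the version in which a suite was first defined (many AES-CBC suites report SSLv3), not the versions the listener negotiates; protocol versions are controlled separately from the cipher list. On current OpenSSL builds the SSLv2 keyword matches nothing, so `!SSLv2` is harmless but no longer does any work.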