You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Java 8 update 60 (1.8.0_60) disables "RC4" cipher suites according to the Complete JDK 8 Release Notes.

This may cause problems with the communication between the Blancco Management Console 3 and the erasure software clients (Blancco 5, Blancco 5 Mobile, Blancco 4, etc.).

The issue will be fixed officially in the next Blancco Management Console 3 release (3.5.0), but there are two ways already available for fixing the situation manually.

1. Modifying the Blancco Management Console 3's server.xml file

This option is the more recommended one, and should be used if Blancco 4 based erasure software (older than version 4.12.3) is not used with Blancco Management Console 3. 

  1. Stop Blancco Management Console 3 service.
  2. Go to the Management Console 3 installation folder: {MC_3_installation_folder}\apache-tomcat\conf\
  3. Locate server.xml file.
  4. Make a backup copy of the file.
  5. Edit the java.security file with a text editor software (for example Notepad) according to the example further below.
  6. After editing the file, save it and restart the Blancco Management Console 3 service.
  • Locate line 14 (looks like this):

<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="500" ciphers="SSL_RSA_WITH_RC4_128_SHA" clientAuth="false" compression="on" connectionTimeout="30000" enableLookups="false" executor="tomcatThreadPool" keystoreFile="conf/keystore.jks" keystorePass="mchammer" port="8443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslEnabledProtocols="SSLv3,TLSv1,TLSv1.1,TLSv1.2"/>

  • Change it to this (replace the black bold string with the red bold string):

<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="500" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" clientAuth="false" compression="on" connectionTimeout="30000" enableLookups="false" executor="tomcatThreadPool" keystoreFile="conf/keystore.jks" keystorePass="mchammer" port="8443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslEnabledProtocols="SSLv3,TLSv1,TLSv1.1,TLSv1.2"/>

2. Modifying the Java JRE's java.security file

This option should only be used, if Blancco 4 based erasure software (older than version 4.12.3) is used with Blancco Management Console 3, and server.xml file modifcation does not fix the issue.

  1. Stop Blancco Management Console 3 service.
  2. Go to the Java JRE installation folder: {JRE_HOME}\lib\security\
  3. Locate java.security file.
  4. Make a backup copy of the file.
  5. Edit the java.security file with a text editor software (for example Notepad) according to the example further below.
  6. After editing the file, save it and restart the Blancco Management Console 3 service.
  • Locate line 534 (looks like this):

< jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

  • Change it to this (remove the red bold string):

> jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768

  • Locate line 591 (looks like this):

RC4_128, RC4_40, DES_CBC, DES40_CBC

  • Change it to this (remove the red bold string):

> DES_CBC, DES40_CBC

  • No labels