A customer of ours has tested the SEGv2 with SSL Labs. Now the SEG is capped to a B grade. In the past with the classic SEG, I could run IISCrypto and everything was fine again. But since SEGv2 is running on Java, this tool doesn't work anymore. SEGv2 is running on Windows.
According to SSL Labs, the main issues are:
- TLS 1.1 is enabled
- This server does not support Forward Secrecy with the reference browsers.
Does somebody have any idea how to fix this?
I know there should be a keystore file with cipher suites, but I don't know which file I should manipulate.
Found the answer. For an A+ rating you can perform the following steps:
I have been able to get forward secrecy to work in our Java server by changing this in the java.security file:
1) Uncomment (remove #) in front of crypto.policy=unlimited
2) set jdk.tls.disabledAlgorithms to
Obviously, the entries above are the algorithms to disable and must include all of the ones to disable because the crypto.policy is no longer limited.
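A check for the two settings this thread names, as an added example that is not part of the original posts: it parses java.security content (comments and backslash line continuations) and reports whether crypto.policy=unlimited is active and whether TLSv1.1 appears in jdk.tls.disabledAlgorithms. The function names and the sample file content are constructed for illustration; the algorithm list in the sample is not the value the poster used.

```python
# Constructed java.security excerpt for illustration (NOT the poster's values).
SAMPLE = r"""
# Uncomment to enable unlimited-strength cryptography
#crypto.policy=unlimited
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
"""

def parse_security_properties(text):
    """Parse properties-style text: skip comments, join backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        # Comment and blank lines only count when not inside a continued value.
        if not pending and (not line or line.startswith(("#", "!"))):
            continue
        if line.endswith("\\"):
            pending += line[:-1]          # drop the backslash, keep reading
            continue
        key, sep, value = (pending + line).partition("=")
        pending = ""
        if sep:
            props[key.strip()] = value.strip()   # later definitions win
    return props

def audit(text):
    """Return findings for the two settings discussed in this thread."""
    props = parse_security_properties(text)
    raw_list = props.get("jdk.tls.disabledAlgorithms", "")
    disabled = {entry.strip().lower() for entry in raw_list.split(",") if entry.strip()}
    findings = []
    if props.get("crypto.policy") != "unlimited":
        findings.append("crypto.policy=unlimited is not active (line still commented out?)")
    if "tlsv1.1" not in disabled:
        findings.append("TLSv1.1 is not listed in jdk.tls.disabledAlgorithms")
    return findings

# The same constructed excerpt with both settings applied.
FIXED = SAMPLE.replace("#crypto.policy", "crypto.policy").replace("TLSv1,", "TLSv1, TLSv1.1,")

if __name__ == "__main__":
    for label, content in (("before", SAMPLE), ("after", FIXED)):
        print(label, audit(content) or "no findings")
```

To check a real installation, read the JRE's java.security file into a string and pass it to audit(); the Java process has to be restarted before a rescan reflects the change.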