7.0 excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file

7.0 excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file

excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file
The following configuration is recommended for systems running 7.0.0.63, and higher.
(For older 6.5 releases of UW, please see this article.)


/stoneware/config/excludeProtocols
TLSv1
TLSv1.1
# Uncomment the following line, to also disable TLS 1.2
#TLSv1.2
SSL
SSLv2
SSLv2Hello
SSLv3

/stoneware/config/includeProtocols - leave this file empty

/stoneware/config/allowCiphers
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_SHA256
TLS_ECDHE_RSA_WITH_AES_128_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_SHA
TLS_ECDHE_RSA_WITH_AES_256_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_SHA384
TLS_ECDHE_RSA_WITH_AES_256_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_SHA
TLS_DHE_RSA_WITH_AES_128_SHA256
TLS_DHE_RSA_WITH_AES_128_SHA
TLS_DHE_DSS_WITH_AES_128_SHA256
TLS_DHE_RSA_WITH_AES_256_SHA256
TLS_DHE_DSS_WITH_AES_256_SHA
TLS_DHE_RSA_WITH_AES_256_SHA
#TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
#TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

/stoneware/config/denyCiphers 
.*NULL.*
.*RC4.*
.*MD5.*
.*DES.*
.*DSS.*
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384


Any changes to these files requires webNetwork to be shut down and started back up.
    • Related Articles

    • excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file

      As of UW release 6.5.8.28, UW now supports TLS version 1.3.  The following configuration is recommended for systems running 6.5.8.28, and higher. (For older releases of UW, please see this article.) /stoneware/config/excludeProtocols TLSv1 TLSv1.1 # ...
    • excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file Legacy Configuration

      As of release 6.5.8.28, UW now supports TLS version 1.3.  For customers running UW 6.5.8.28, and higher, we recommend the following configuration. For customers running older releases of UW, the following configurations are still applicable. Starting ...
    • Change webNetwork License File

      To change/update your webNetwork license: Login to the Customer Portal, download your webNetwork license (license.sw). Copy the license file to each webNetwork server, replacing the existing file. The license file goes in the \stoneware\config ...
    • Debug CIFS file nodes

      ** Test with the Net use command ** From the main stoneware server go to a cmd prompt and type : ping server      Where server = the server name that holds the share. Make sure the ip number that comes back is the proper ip number then do a : ping -a ...
    • File Services Back-end Cache

      As of 6.3.0.x, the File Services back-end now caches the file listings for webStorage (and My Files). This means that if an individual uploads a file to a share outside of File Services, it will not appear in File Services (webStorage or My Files) ...
    • Popular Articles

    • Old Browser Versions

      Question: I am using an older browser version and am having problems. What can be done ? We are not able to upgrade the browser at this time.   This is a challenge for any company that makes software that utilizes a browser. Since Stoneware does not ...
    • LCS Redirection

      Problem: How to redirect the LCS in an environment with multiple LCSs and students connecting to them. Solution(s): Create an allow.cfg on all LCS(s) (including the Master) in the network, however, even if no allow.cfg is present on an LCS, machines ...
    • Time windows allows for Service Shutdown

      Issue: Can the time windows gives a service to shut down before it kills the service be increased? Solution: Yes, the following information comes from the Microsoft URL : http://support.microsoft.com/kb/146092 To specify the wait time, do the ...
    • How to disable password saving - Internet Explorer

      Having multiple methods for saving a password in the browser can cause confusion for the user.   To disable password saving in Internet Explorer, launch Internet Explorer and perform the following steps. Click the blue Settings menu icon in the upper ...
    • How to disable password saving - Chrome

      Having multiple methods for saving a password in the browser can cause confusion for the user.  To disable password saving in Chrome, launch Chrome and perform the following steps. Click the Chrome menu button in the upper right corner of the Chrome ...
    • Recent Articles

    • Lenovo Unified Workspace 7.0.0.63 Released

      Highlights of Unified Workspace 7.0.0.63 Before you install: Please view the installation notes here. 7.0.0.63 Requires new 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.0.63 New Profile Style New Login ...
    • How to fix customized login and profile after upgrading to v7.0

      With the release of 7.0 the default login page has been modified to simplify the customization process.  If you are having an issue with the login page not displaying, after upgrading to v7.0, you will need to delete the custom CSS code and start ...
    • SAML SP - Sync Directory Password

      Login script to prompt for directory password Since the user does not login into Unified Workspace with a password, we cannot capture the password to use in the @@password@@ variable.  If you would like to use the Active Directory password for other ...
    • MySQL 8 SSL

      Issue Admin is making a database connection to a MySQL 8 database.  When clicking the Ping button on the DB Connection object, the following error is presented: WARN: Establishing SSL connection without server's identity verification is not ...
    • 7.0 excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file

      excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file The following configuration is recommended for systems running 7.0.0.63, and higher. (For older 6.5 releases of UW, please see this article.) ...