Select to view content in your preferred language

ArcGIS Server 10.8.1 - port 6080 - SSL Cipher Suites

1046
4
03-21-2022 02:20 PM
LC27
by
Emerging Contributor

Hello,

I have installed a standalone GIS Server 10.8.1 and our contractor wants both HTTP (6080) and HTTPS (6443) ports open. What should 'SSL Protocols' and 'SSL Cipher Suites' contain in order for HTTP (6080) port to work? -- see the first attachment

If I leave everything as is and just use an option 'HTTP and HTTPS' protocol and hit update it complains and gives me an error code 500 - One or more invalid HTTPS cipher suites. -- see the second attachment

I suppose ssl protocols and ssl cipher suites need additional suites in order for the port 6080 to work but unsure what. I appreciate your response.

 

 

0 Kudos
4 Replies
BillFox
MVP Frequent Contributor
0 Kudos
LC27
by
Emerging Contributor

Thank you for your prompt response.

No AGOL access. TLSv1.2 is already there but does nothing in terms of enabling HTTP.

 

Based on the article you provided should SSL Protocols be updated in: TLSv1.1 and SSL Cipher Suites in all these?:

 

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0 Kudos
BillFox
MVP Frequent Contributor

you can give this tool a try

https://www.nartac.com/Products/IISCrypto

download and run best practice, then reboot the server

0 Kudos