ArcGIS Server 10.8.1 - port 6080 - SSL Cipher Suites

LC27 · ‎03-21-2022

Hello,

I have installed a standalone GIS Server 10.8.1 and our contractor wants both HTTP (6080) and HTTPS (6443) ports open. What should 'SSL Protocols' and 'SSL Cipher Suites' contain in order for HTTP (6080) port to work? -- see the first attachment

If I leave everything as is and just use an option 'HTTP and HTTPS' protocol and hit update it complains and gives me an error code 500 - One or more invalid HTTPS cipher suites. -- see the second attachment

I suppose ssl protocols and ssl cipher suites need additional suites in order for the port 6080 to work but unsure what. I appreciate your response.

BillFox · ‎03-21-2022

TLS 1.2 also?

https://enterprise.arcgis.com/en/server/latest/administer/windows/restrict-arcgis-server-ssl-protoco...cipher-suites.htm

BillFox · ‎03-21-2022

any AGOL access too?

https://enterprise.arcgis.com/en/server/latest/administer/windows/secure-arcgis-server-communication...

LC27 · ‎03-21-2022

Thank you for your prompt response.

No AGOL access. TLSv1.2 is already there but does nothing in terms of enabling HTTP.

Based on the article you provided should SSL Protocols be updated in: TLSv1.1 and SSL Cipher Suites in all these?:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

BillFox · ‎03-21-2022

you can give this tool a try

https://www.nartac.com/Products/IISCrypto

download and run best practice, then reboot the server