Configuring TLS connection for CRS

Step-by-step guide

  1. Log in to the YSoft SafeQ Web Interface with sufficient rights to administer reports (e.g. "admin").

  2. Go to System> Reports, set  cryptographicProtocolForCdc to TLSv1.2 (or SSLv3, TLSv1, TLSv1.1 ) .

    images/download/attachments/142388544/cryptographicProtocolForCdc.png

  3. Go to System> Reports, set  customCipherSuitesForCdc  to set cipher suites for cryptographic protocol for communication encryption with CRS server.

    images/download/attachments/142388544/customCipherSuitesForCdc.png

  4. Log in to the server with  YSoft SafeQ CRS.

  5. Go to crs.conf (e.g. "c:\SafeQCRS\conf\modules\crs.conf") and set  cryptographicProtocolForCdc and  customCipherSuitesForCdc  with values from previous steps.

    cryptographicProtocolForCdc = TLSv1.2
    customCipherSuitesForCdc = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  6. Restart the YSoft SafeQ CML services on all nodes in your cluster.

  7. Restart the YSoft SafeQ CRS service.