Configuring security for Infrastructure Management Server

Set SSL/TLS cipher suites and transport protocols

To override the default list of cipher suites and transport protocols, set the properties ims.tls.transport-protocols and ims.tls.cipher-suites in the IMS configuration file <dispatcher_paragon_folder>/Management/ims/application.properties. The following properties show the default values.

ims.tls.transport-protocols=TLSv1,TLSv1.1,TLSv1.2
ims.tls.cipher-suites=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384
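
An added example, not part of the vendor documentation: a Python check that reads the two ims.tls.* properties, flags protocols deprecated by RFC 8996 and cipher suites that use static RSA key exchange or CBC mode, and returns the remaining values as candidate override lines. It assumes every IMS client supports TLS 1.2 with an ECDHE or DHE GCM suite; the function names and the shortened sample input are constructed for illustration.

```python
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' / '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def suite_findings(suite):
    """Reasons a suite falls short of ephemeral key exchange with AEAD."""
    reasons = []
    if suite.startswith("TLS_RSA_"):
        reasons.append("static RSA key exchange (no forward secrecy)")
    if "_CBC_" in suite:
        reasons.append("CBC mode (not AEAD)")
    return reasons

def audit(text):
    """Return (flagged protocols, {suite: reasons}, hardened override lines)."""
    props = parse_properties(text)
    protocols = split_list(props.get("ims.tls.transport-protocols", ""))
    suites = split_list(props.get("ims.tls.cipher-suites", ""))
    bad_protocols = [p for p in protocols if p in DEPRECATED_PROTOCOLS]
    bad_suites = {s: suite_findings(s) for s in suites if suite_findings(s)}
    keep_protocols = [p for p in protocols if p not in DEPRECATED_PROTOCOLS]
    keep_suites = [s for s in suites if s not in bad_suites]
    hardened = ["ims.tls.transport-protocols=" + ",".join(keep_protocols),
                "ims.tls.cipher-suites=" + ",".join(keep_suites)]
    return bad_protocols, bad_suites, hardened

# Constructed sample: the page's default protocols, cipher list shortened.
SAMPLE = (
    "ims.tls.transport-protocols=TLSv1,TLSv1.1,TLSv1.2\n"
    "ims.tls.cipher-suites=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,"
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256\n"
)

if __name__ == "__main__":
    bad_protocols, bad_suites, hardened = audit(SAMPLE)
    print("deprecated protocols:", bad_protocols)
    print("flagged suites:", bad_suites)
    print("\n".join(hardened))
```

Confirm client compatibility before applying the reduced lists, since the page does not state which protocols and suites IMS clients require.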

Database password encryption

To configure encryption of the IMS database password stored in the file <install_dir>/Management/ims/application.properties, the following configuration options need to be present:

dataProtection.enableEncryption = true
dataProtection.pathToKey = <path to key file>

Note that <path to key file> should be an absolute file path, e.g. c:/encryption_secure_location/encryption.key

For information about creating and managing dataProtection attributes, as well as the full list of supported configuration options, refer to Enhanced Password Protection.