SSL and TLS Settings

Stratusphere 6.5.x and higher appliances are configured with TLSv1.2 and TLSv1.3 out of the box. If you are already on this version, you can choose to skip this section and jump to the next section.

However, older versions of Stratusphere appliances supported older versions of SSL and TLS to allow for maximum compatibility with certain older Microsoft Windows-based machines still stuck on legacy browsers such as Internet Explorer. On older Microsoft Windows-based machines, the CID Key also uses the existing Microsoft Internet Explorer downloading framework, which forced Stratusphere to ship with older versions of SSL and TLS for maximum compatibility. If legacy browsers are still in use, these settings need to stay in place. However, if all of the legacy browsers have been phased out, these configuration settings can and should be hardened for a more secure posture. The configuration settings must be updated manually on the Hub and on each installed Collector appliance.

Here are instructions on how to edit the configuration file on the Hub and each Collector to change these settings:

  1. On the Stratusphere Hub and each Collector appliance:
    1. Open a command line console to the appliance.
    2. Log in by entering the User ID (e.g., friend, ec2-user, azureuser, etc.) followed by your enhanced security STIG compliant password.
    3. Enter the command sudo bash and then enter your enhanced security STIG compliant password to switch to root.

  2. Type the vi command to edit the httpd.conf file:

    vi /etc/lwl/httpd/httpd.conf

  3. Use the / key to type and search for the SSLProtocol string.
     Note: The search is case sensitive.

  4. When found, go into Insert or Append mode by typing either the letter i or a.
  5. Update the default line from:

    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    to

    SSLProtocol TLSv1.2

     Note: This will enable only TLS v1.2 on the Stratusphere appliance.

  6. Use the Escape key and enter :wq! to write and quit.
  7. Restart the Web Server to load the newly updated settings:

    systemctl restart httpd

  8. Press CTRL+D twice to log out of the console.
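
The same edit can be made non-interactively, which helps when the Hub and several Collectors all need the change. The script below is an added example, not part of the original instructions or vendor tooling: it backs up httpd.conf, rewrites every active SSLProtocol line and leaves commented lines alone. The function names and the `apply` argument are assumptions; the file path and restart command are the ones given in the steps above.

```shell
#!/usr/bin/env bash
# Added example: scripted form of the manual vi edit. Run as root.
# Function names and the "apply" argument are illustrative, not vendor-defined.

CONF="${CONF:-/etc/lwl/httpd/httpd.conf}"   # path from the steps above
ACTIVE='^[[:space:]]*SSLProtocol[[:space:]]' # active (non-commented) directive

# Print every active SSLProtocol directive with its line number.
show_sslprotocol() {
    grep -nE "$ACTIVE" "$1"
}

# Succeed only if at least one active SSLProtocol line exists and every
# one of them reads exactly "SSLProtocol TLSv1.2".
is_hardened() {
    local lines
    lines=$(grep -E "$ACTIVE" "$1") || return 1
    ! printf '%s\n' "$lines" |
        grep -qvE '^[[:space:]]*SSLProtocol[[:space:]]+TLSv1\.2[[:space:]]*$'
}

# Keep a timestamped backup, then rewrite each active SSLProtocol line,
# preserving its indentation. Writing back with cat keeps the original
# file's owner, mode and security context.
harden_sslprotocol() {
    local conf="$1" tmp rc
    tmp=$(mktemp) || return 1
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)" || return 1
    sed -E 's/^([[:space:]]*)SSLProtocol[[:space:]].*$/\1SSLProtocol TLSv1.2/' \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Only touch the appliance when explicitly asked: ./harden-tls.sh apply
if [ "${1:-}" = "apply" ]; then
    echo "Before:"; show_sslprotocol "$CONF"
    is_hardened "$CONF" || harden_sslprotocol "$CONF" || exit 1
    echo "After:";  show_sslprotocol "$CONF"
    # Restart only if the file now passes the check; otherwise restore the backup.
    is_hardened "$CONF" && systemctl restart httpd
fi
```

If the web server does not come back after the restart, copy the newest `httpd.conf.bak.*` file over httpd.conf and restart again.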