You can specify a list of cipher suites to use for TLS communication in place of the RC4 algorithm. RC4 is a weaker cipher and is vulnerable to attacks. To disable the RC4 algorithm in Smart Assurance, use a cipher suite list.

A cipher suite is a suite of cryptographic algorithms used to provide encryption, integrity and authentication. Cipher suite lists and the SM_TLS_SUITE_LIST environment variable are described in Communication protocols overview. Security Advisory “ESA-2016-115” provides more information about the fixed vulnerabilities for the RC4 algorithm.

Introduced with the 9.4.2 release, this feature is supported for the following Smart Assurance products: SAM, IP Manager, ESM, MPLS, NPM, OTM, VoIP AM, and the SAM Global Console. It is not supported for EMC M&R. If your deployment includes NCM, consult the VMware Smart Assurance Network Configuration Manager Security Configuration Guide for information about using ciphers.

To disable the RC4 algorithm and specify a cipher suite list, follow this procedure.

Procedure

  1. For each Manager and SAM Global Console, add the SM_TLS_SUITE_LIST environment variable to the runcmd_env.sh file.
    1. Go to the <BASEDIR>/smarts/bin directory and enter this command to open the runcmd_env.sh file:
      sm_edit local/conf/runcmd_env.sh
    2. Add the SM_TLS_SUITE_LIST variable and specify one or more cipher suites. Use a colon (:) to separate multiple cipher suites. For example, to list a single cipher suite:
      SM_TLS_SUITE_LIST=AES256-GCM-SHA-384
      In this example, two cipher suites are listed:
      SM_TLS_SUITE_LIST=AES256-GCM-SHA-384:AES128-GCM-SHA256
    3. Save and close the file.
    4. Restart the Manager.
  2. For each SAM Global Console, perform these steps to allow the console to communicate with the Broker:
    1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 from the Oracle website.
    2. Extract the local_policy.jar and US_export_policy.jar files from the downloaded zip file into a temporary directory.
    3. Go to the <BASEDIR>/smarts/jre/lib/security directory and then back up the existing policy files in this directory.
    4. Overwrite the local_policy.jar and US_export_policy.jar files in the <BASEDIR>/smarts/jre/lib/security directory with the files you extracted.
    5. Restart the SAM Console Tomcat server and Global Consoles (sm_gui applications) for the changes to take effect.
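
A check to run on runcmd_env.sh after step 1 and before restarting the Manager, added here as an example and not part of the product or its documentation: it splits SM_TLS_SUITE_LIST on colons and fails if the variable is missing, an entry is empty, or any entry names RC4. The function name, the exit codes, the sample file contents and the rule that the last uncommented assignment takes effect are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not product code: audit SM_TLS_SUITE_LIST in a runcmd_env.sh file.
# Exit status: 0 = list set, no RC4 entry; 1 = variable not set; 2 = RC4 or empty entry.
check_suite_list() {
    file=$1
    # Assumption: the last uncommented NAME=value line is the one that takes effect.
    value=$(sed -n 's/^[[:space:]]*SM_TLS_SUITE_LIST=//p' "$file" | tail -n 1 |
            tr -d "\"'\r" | sed 's/[[:space:]]*$//')
    if [ -z "$value" ]; then
        echo "FAIL: SM_TLS_SUITE_LIST is not set in $file"
        return 1
    fi
    result=0
    # A leading, trailing or doubled colon leaves an empty entry in the list.
    case $value in
        :*|*:|*::*) echo "FAIL: empty entry in list: $value"; result=2 ;;
    esac
    old_ifs=$IFS; IFS=:
    set -f    # no filename expansion while splitting on ':'
    for suite in $value; do
        # Compare in upper case so rc4-... and RC4-... are both caught.
        case $(printf '%s' "$suite" | tr '[:lower:]' '[:upper:]') in
            *RC4*) echo "FAIL: RC4 suite still listed: $suite"; result=2 ;;
            ?*)    echo "ok:   $suite" ;;
        esac
    done
    set +f; IFS=$old_ifs
    return $result
}

# Constructed sample files, for demonstration only.
demo() {
    dir=$(mktemp -d)
    printf 'SM_TLS_SUITE_LIST=AES256-GCM-SHA-384:AES128-GCM-SHA256 \n' > "$dir/good.sh"
    printf 'SM_TLS_SUITE_LIST=AES128-GCM-SHA256:RC4-SHA\n' > "$dir/bad.sh"
    for f in good bad; do
        rc=0; check_suite_list "$dir/$f.sh" || rc=$?
        echo "$f.sh -> exit $rc"
    done
    rm -rf "$dir"
}
demo
```

To audit a real installation, call check_suite_list with the path to local/conf/runcmd_env.sh under <BASEDIR>/smarts instead of running demo.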