For maximum security, verify the correct use of cipher suites in the GemFire TLS Handler.

Procedure

  1. To verify that the cipher suites are enabled, run the following commands on each node:

    grep cluster-ssl-ciphers /usr/lib/vmware-vcops/user/conf/gemfire.properties | grep -v '#'

    grep cluster-ssl-ciphers /usr/lib/vmware-vcops/user/conf/gemfire.native.properties | grep -v '#'

    grep cluster-ssl-ciphers /usr/lib/vmware-vcops/user/conf/gemfire.locator.properties | grep -v '#'

  2. Configure the correct cipher suites.
    1. Navigate to the administrator user interface at URL/admin.
    2. To bring the cluster offline, click Bring Offline.
    3. To configure the correct cipher suites, run the following commands:

      sed -i "/^[^#]*cluster-ssl-ciphers/ c\cluster-ssl-ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" /usr/lib/vmware-vcops/user/conf/gemfire.properties

      sed -i "/^[^#]*cluster-ssl-ciphers/ c\cluster-ssl-ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" /usr/lib/vmware-vcops/user/conf/gemfire.native.properties

      sed -i "/^[^#]*cluster-ssl-ciphers/ c\cluster-ssl-ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" /usr/lib/vmware-vcops/user/conf/gemfire.locator.properties

      Repeat this step for each node.

    4. Navigate to the administrator user interface at URL/admin.
    5. Click Bring Online.
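
An added example, not part of the VMware procedure: a shell function that audits all three property files from step 1 in one pass and fails on a missing file, a missing or duplicated active entry, or a value other than the suite set in step 2. The function name `check_gemfire_ciphers` and its optional directory and suite arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit the three GemFire property files named in the procedure.
# check_gemfire_ciphers is a hypothetical helper, not a VMware-supplied tool.

EXPECTED_DEFAULT="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
CONF_DEFAULT="/usr/lib/vmware-vcops/user/conf"

# Usage: check_gemfire_ciphers [conf_dir] [expected_suite]
# Returns 0 only if every file has exactly one active (uncommented)
# cluster-ssl-ciphers line and its value equals the expected suite.
check_gemfire_ciphers() {
    conf_dir="${1:-$CONF_DEFAULT}"
    expected="${2:-$EXPECTED_DEFAULT}"
    rc=0
    for f in gemfire.properties gemfire.native.properties gemfire.locator.properties; do
        path="$conf_dir/$f"
        if [ ! -r "$path" ]; then
            echo "FAIL $f: file missing or unreadable"; rc=1; continue
        fi
        # Active lines only: the same match the procedure's sed expression uses.
        active=$(grep '^[^#]*cluster-ssl-ciphers' "$path" || true)
        count=$(printf '%s' "$active" | grep -c 'cluster-ssl-ciphers' || true)
        if [ "$count" -ne 1 ]; then
            echo "FAIL $f: expected 1 active cluster-ssl-ciphers line, found $count"
            rc=1; continue
        fi
        # Strip the key and '=', then surrounding whitespace (including a stray CR).
        value=$(printf '%s' "$active" | sed 's/^[^=]*=//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ "$value" = "$expected" ]; then
            echo "OK   $f: $value"
        else
            echo "FAIL $f: cluster-ssl-ciphers=$value"; rc=1
        fi
    done
    return $rc
}
```

Source the file and call `check_gemfire_ciphers` with no arguments on each node; a non-zero return means at least one file still needs the change from step 2.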