Wednesday, November 27, 2024

BlackBerry Mobile Fusion Studio -> Disable weak ciphers & SSL 2.0 for PCI-DSS

If you wish to implement the “BlackBerry Mobile Fusion Studio” in a PCI environment, you are forced to disable all weak ciphers and must disable SSL 2.0.

According to section 4.1 of the Payment Card Industry Data Security Standard (PCI-DSS) v1.2, merchants handling credit card data are required to “use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.”

So in order to validate your PCI DSS compliance in this area, you will need to ensure that the “BlackBerry Mobile Fusion Studio” server within your PCI environment is configured to disallow Secure Sockets Layer (SSL) version 2 as well as “weak” cryptography. To disable the weak cipher suites, do the following:

1.) Open the “C:\Program Files (x86)\Research In Motion\BlackBerry Mobile Fusion Studio\jetty\etc\jetty-bio-ssl.xml” file.

2.) Add the following section inside the SslSocketConnector definition:

    <Set name="ExcludeCipherSuites">
          <Array type="java.lang.String">
                <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
                <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
                <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
                <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
                <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
                <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
                <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
          </Array>
    </Set>

so that the connector section of your config file now looks similar to this example:

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
          <Set name="Port">9443</Set>
          <Set name="maxIdleTime">30000</Set>
          <Set name="Keystore"><Property name="jetty.home" default="." />/etc/keystore</Set>
          ...
          <Set name="ExcludeCipherSuites">
            <Array type="java.lang.String">
              <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
              <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
              <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
              <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
              <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
              <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
              <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
            </Array>
          </Set>
        </New>
      </Arg>
    </Call>

After that, reboot your server (or restart only the “BlackBerry Mobile Fusion Studio” service) so that Jetty reloads the connector configuration.
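Before restarting, it is worth checking that the edit actually landed inside the SslSocketConnector block and that all seven suites are listed, rather than trusting a by-eye review of the XML. The following Python script is an added example, not part of the original post or of the BlackBerry/Jetty product: it parses a jetty-bio-ssl.xml, collects the ExcludeCipherSuites items per SSL connector, and reports which of the suites named above are still missing. The two embedded XML documents are constructed samples (a “before” without the Set and an “after” with it); the Configure root element and the file path used in the main block are assumptions about the real file's layout.

```python
"""Audit a Jetty jetty-bio-ssl.xml for the weak cipher-suite exclusions.

Added example (not the article's or the project's code). Run it against
the real file or the constructed samples below.
"""
import sys
import xml.etree.ElementTree as ET

# The seven suites the article requires to be excluded (taken from the post).
REQUIRED_EXCLUDES = frozenset({
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_DHE_RSA_WITH_DES_CBC_SHA",
    "SSL_DHE_DSS_WITH_DES_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
})

# Constructed sample: connector block BEFORE the ExcludeCipherSuites <Set> is added.
# (The surrounding <Configure> root is an assumption about the real file.)
SAMPLE_BEFORE = """<?xml version="1.0"?>
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
        <Set name="Port">9443</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="Keystore"><Property name="jetty.home" default="."/>/etc/keystore</Set>
      </New>
    </Arg>
  </Call>
</Configure>
"""

# Constructed sample: the same connector AFTER the edit from step 2.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "      </New>",
    "        <Set name=\"ExcludeCipherSuites\">\n"
    "          <Array type=\"java.lang.String\">\n"
    + "".join(f"            <Item>{s}</Item>\n" for s in sorted(REQUIRED_EXCLUDES))
    + "          </Array>\n"
    "        </Set>\n"
    "      </New>",
)


def excluded_suites(xml_text):
    """Return {port: set(excluded suite names)} for every SslSocketConnector."""
    root = ET.fromstring(xml_text)
    result = {}
    for new in root.iter("New"):
        if not new.get("class", "").endswith("SslSocketConnector"):
            continue
        port, suites = None, set()
        # Only direct <Set> children of the connector belong to it.
        for s in new.findall("Set"):
            if s.get("name") == "Port":
                port = (s.text or "").strip()
            elif s.get("name") == "ExcludeCipherSuites":
                suites.update(i.text.strip() for i in s.iter("Item") if i.text)
        result[port] = suites
    return result


def missing_excludes(xml_text):
    """Per connector port, the required weak suites that are NOT yet excluded."""
    return {port: sorted(REQUIRED_EXCLUDES - suites)
            for port, suites in excluded_suites(xml_text).items()}


def main(path=None):
    text = open(path, encoding="utf-8").read() if path else SAMPLE_AFTER
    report = missing_excludes(text)
    if not report:
        print("no SslSocketConnector found; check the file path/structure")
        return 2
    ok = True
    for port, missing in report.items():
        status = "OK" if not missing else "MISSING " + ", ".join(missing)
        print(f"connector port {port}: {status}")
        ok = ok and not missing
    return 0 if ok else 1


if __name__ == "__main__":
    # Assumed default path, matching step 1 of the article; pass another path as argv[1].
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Running it against the unedited file lists all seven suites as missing for port 9443 and exits non-zero; after the edit it prints OK. Because Jetty only applies the exclusion list to the connector whose `<New>` block contains the `<Set>`, the script deliberately looks only at direct `<Set>` children of each SslSocketConnector, which catches the common mistake of pasting the block outside the connector element.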
