For maximum security, verify the correct use of cipher suites in the GemFire TLS Handler.

1. To verify that the cipher suites are enabled, run the following commands on each node:

grep cluster-ssl-ciphers /usr/lib/vmware-vcops/user/conf/gemfire.properties | grep -v '#'

grep cluster-ssl-ciphers /usr/lib/vmware-vcops/user/conf/gemfire.native.properties | grep -v '#'

grep cluster-ssl-ciphers /usr/lib/vmware-vcops/user/conf/gemfire.locator.properties | grep -v '#'

2. Configure the correct cipher suites.

a. Navigate to the administrator user interface at URL/admin.

b. To bring the cluster offline, click Bring Offline.

c. To configure the correct cipher suites, run the following commands:

sed -i "/^[^#]*cluster-ssl-ciphers/ c\cluster-ssl-ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" /usr/lib/vmware-vcops/user/conf/gemfire.properties

sed -i "/^[^#]*cluster-ssl-ciphers/ c\cluster-ssl-ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" /usr/lib/vmware-vcops/user/conf/gemfire.native.properties

sed -i "/^[^#]*cluster-ssl-ciphers/ c\cluster-ssl-ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" /usr/lib/vmware-vcops/user/conf/gemfire.locator.properties

Repeat this step for each node.

d. Navigate to the administrator user interface at URL/admin.

e. Click Bring Online.
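
A post-change check for the procedure above, as an added example that is not part of the VMware documentation: the sed commands only rewrite an existing uncommented cluster-ssl-ciphers line, so a file where the key is absent or commented out is left unchanged, and this script reports that case separately from a wrong value. The function names check_ciphers and audit_dir and the sample files are constructed for illustration; the file names and cipher suite are the ones used on this page.

```shell
#!/bin/sh
# Added example: audit cluster-ssl-ciphers in the three GemFire property files.
EXPECTED="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"   # suite set by the page's sed commands
FILES="gemfire.properties gemfire.native.properties gemfire.locator.properties"

# check_ciphers FILE: print one status line and return
#   0 = one active line with the expected value    1 = active value differs
#   2 = no active line (the sed "c\" command has nothing to replace)
#   3 = several active lines                       4 = file unreadable
check_ciphers() {
    [ -r "$1" ] || { echo "UNREADABLE $1"; return 4; }
    # Active = key at the start of the line, so commented-out lines are ignored.
    active=$(grep -E '^[[:space:]]*cluster-ssl-ciphers[[:space:]]*=' "$1" || true)
    [ -n "$active" ] || { echo "MISSING    $1"; return 2; }
    [ "$(printf '%s\n' "$active" | grep -c '')" -eq 1 ] || { echo "DUPLICATE  $1"; return 3; }
    # Strip the key and surrounding whitespace (including a trailing CR).
    value=$(printf '%s\n' "$active" | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//')
    [ "$value" = "$EXPECTED" ] || { echo "MISMATCH   $1 ($value)"; return 1; }
    echo "OK         $1"
}

# audit_dir DIR: check all three files; return the number of files that failed.
audit_dir() {
    failed=0
    for f in $FILES; do
        check_ciphers "$1/$f" || failed=$((failed + 1))
    done
    return "$failed"
}

# Constructed sample files so the script runs offline. On a node, run
# audit_dir /usr/lib/vmware-vcops/user/conf instead.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'cluster-ssl-ciphers=%s\n' "$EXPECTED" > "$demo/gemfire.properties"
printf 'cluster-ssl-ciphers=TLS_RSA_WITH_AES_128_CBC_SHA\n' > "$demo/gemfire.native.properties"
printf '#cluster-ssl-ciphers=%s\n' "$EXPECTED" > "$demo/gemfire.locator.properties"
audit_dir "$demo" || echo "$? file(s) need attention"
```

Run it on each node after step c and before bringing the cluster back online; a MISSING result means the key has to be added to that file, because the sed command did not change it.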