This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Looking to upgrade from Dynatrace Managed to SaaS? See how

Reducing TLS ciphers in Managed?

AntonioSousa
DynaMight Guru
DynaMight Guru

‎11 Feb 2025 09:49 PM

In Dynatrace Managed clusters, there is the possibility to limit the ciphers being used, as described in:

https://docs.dynatrace.com/managed/shortlink/managed-custom-install#ssl-certificates-parameters

AntonioSousa_0-1739309216617.png

In a current Managed configuration I see in the configuration file:

SSL_CIPHERS = TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM

I understand that I have to run the command, with the new list of ciphers. But some doubts:

  • Does this affect both UI access and OneAgent/ActiveGate access?
  • This command affects only the cluster node where it is executed, or the whole cluster?
  • Does it restart the web server process automatically, or do we have to restart it so the new list of ciphers aplies?
Antonio Sousa
0 Kudos
Reply
2 REPLIES 2

erh_inetum
Champion

‎12 Feb 2025 11:33 AM

Hi Antonio,

  • Does this affect both UI access and OneAgent/ActiveGate access?

I think it affects only to AG.

  • This command affects only the cluster node where it is executed, or the whole cluster?

I think it affects only the cluster node where it is executed

  • Does it restart the web server process automatically, or do we have to restart it so the new list of ciphers aplies?

I think it's only necessary restarting cluster nodes. In case you configure accepted/excluded ciphers via custom.properties on AG it's only necessary restarting AG.

Here you have more information.

Anyway, @stefanie_pachne , could you confirm this information? Thanks in advance.

Hope it helps, Antonio.

Regards,

Elena.

 

0 Kudos
Reply

stefanie_pachne
Dynatrace Helper
Dynatrace Helper
In response to erh_inetum

‎13 Feb 2025 07:58 AM - edited ‎13 Feb 2025 10:01 AM

Hi,

it affects the communication with this cluster node depending on your setup (https://docs.dynatrace.com/managed/managed-cluster/basic-concepts/managed-deployment-scenarios).

Follow one of these instructions and feel free to contact Live Chat if the instructions are unclear:

Best,
Stefanie

Reply
Ask a question

Featured Posts