X
PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 17 Jan 2024 01:21 PM by  Vipool Rathod
NV5 license server SSL/TLS protos and ciphers
 0 Replies
Sort:
You are not authorized to post a reply.
Author Messages

Vipool Rathod



New Member


Posts:5
New Member


--
17 Jan 2024 01:21 PM
    Due to organizational requirements for TLS protocols and ciphers, I modded the nv5geospatiallicenseserver systemd service to pass these options to node on license server startup. Note that there are several ways to add the node options and the below is just one of them. Also, this is for RedHat based systems, please adjust paths for Debian/Ubuntu or use a path common to both OS families (E.g., /etc/nv5/, /usr/local/etc/nv5/). Also, to only serve licenses via TLS, the system firewall can be configured to only allow 40443 or you can remove the "http" section the config/production.json file.

    Add the following to the [Service] section of /etc/systemd/system/nv5geospatiallicenseserver.service:

    '''
    EnvironmentFile=/etc/sysconfig/nv5geospatiallicenseserver
    '''

    Create /etc/sysconfig/nv5geospatiallicenseserver with the below content. Note that the below is all on one line and that TLS1.3 ciphers can be included. Adjust to your requirements. Do not use quotes.

    '''
    NODE_OPTIONS=--tls-min-v1.2 --tls-max-v1.3 --tls-cipher-list=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256
    '''

    Run the following commands:
    sudo systemctl daemon-reload
    sudo systemctl restart nv5geospatiallicenseserver.service

    Check service:
    sudo systemctl status nv5geospatiallicenseserver.service
    sudo tail /usr/local/nv5/license_server/logs/license_server.log
    You are not authorized to post a reply.