Legacy Ciphers in PaperCut

KB Home   |   Legacy Ciphers in PaperCut

Main.LegacyCiphersInPaperCut History

Hide minor edits - Show changes to output

Changed lines 8-13 from:
If the device shows a connection error, but the PaperCut Admin web interface seems to be connected, follow the steps below.

'''1)''' Open [@[install_path]/server/server.properties@]\\
'''2)''' Edit [@server.ssl.cipher-suites@] to add the following ciphers:
[@TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,@][[<<]][@TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,@][[<<]][@TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,@][[<<]][@TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,@][[<<]][@SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,@][[<<]][@TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,@][[<<]][@TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,@][[<<]][@SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,@][[<<]][@SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV@]\\
'''3)''' Restart the PaperCut Application Server Service
.
to:
RC4 is currently enabled out of the box no further configuration is required.
August 11, 2016, at 04:57 AM by amir - format cipher list
Changed line 26 from:
[@wrapper.java.additional.22=-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,@][[<<]][@TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,@][[<<]][@TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]\\
to:
[@wrapper.java.additional.22=-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,@][[<<]][@TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,@][[<<]][@TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,@][[<<]][@TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,@][[<<]][@TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,@][[<<]][@SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,@][[<<]][@TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,@][[<<]][@TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,@][[<<]][@SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,@][[<<]][@SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV@]\\
August 11, 2016, at 04:42 AM by amir - format cipher list
Changed line 12 from:
[@TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,@][[<<]][@TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV@]\\
to:
[@TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,@][[<<]][@TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,@][[<<]][@TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,@][[<<]][@TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,@][[<<]][@SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,@][[<<]][@TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,@][[<<]][@TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,@][[<<]][@SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,@][[<<]][@SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV@]\\
August 11, 2016, at 04:39 AM by amir - updated cipher list to include the other more secure ciphers as otherwise bad practice
Changed line 12 from:
[@TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,@][[<<]][@TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]\\
to:
[@TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,@][[<<]][@TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV@]\\
August 09, 2016, at 08:11 AM by Jonathan - updated paths
Changed line 10 from:
'''1)''' Open [@[install_path]/server.properties@]\\
to:
'''1)''' Open [@[install_path]/server/server.properties@]\\
Changed line 22 from:
* Mac— [@[install_path]/server/bin/win/launch-app-server.conf@]
to:
* Mac— [@[install_path]/server/bin/mac/launch-app-server.conf@]
August 09, 2016, at 12:18 AM by 139.130.165.134 -
Changed lines 3-4 from:
With the release of PaperCut 16.2, we have updated the JRE (Java Runtime Environment) to 8u92. This might cause issues for older devices with weaker SSL ciphers, such as, RC4.
to:
With the release of PaperCut 16.2, we have updated the JRE (Java Runtime Environment) to 8u92. On some older devices with weaker SSL ciphers (such as, RC4), this upgrade might cause issues with the connection between the MFD and PaperCut.
Changed lines 8-9 from:
If the device shows a connection error but the PaperCut Admin web interface seems to be connected, follow the steps below.
to:
If the device shows a connection error, but the PaperCut Admin web interface seems to be connected, follow the steps below.
Changed lines 18-19 from:
If PaperCut can’t connect to the device, follow the steps below.
to:
If the PaperCut Admin web interface shows an error, follow the steps below.
Changed lines 21-22 from:
* Windows— [@[install_path]/server/data/bin/win/service.conf@]
* Linux—[@[install_path]/server/data/bin/linux-x*/app-monitor.conf@]
to:
* Windows— [@[install_path]/server/bin/win/service.conf@]
* Mac— [@[install_path]/server/bin/win/launch-app-server.conf@]
* Linux—[@[install_path]/server
/bin/linux-x*/app-monitor.conf@]
August 08, 2016, at 11:50 PM by 139.130.165.134 -
Changed lines 23-24 from:
'''2)''' Find [@wrapper.java.additional.21=-Xloggc:logs/gc.log@] and add the following line under it. '''Note:''' You might need to change .22 to .23 or .24 if the numbers are already in use.\\
to:
'''2)''' Find [@wrapper.java.additional.21=-Xloggc:logs/gc.log@] and add the following line under it. \\
'''Note:''' You might need to change .22 to .23 or .24 if the numbers are already in use.\\
August 08, 2016, at 11:50 PM by 139.130.165.134 -
Changed line 20 from:
'''1)''' Open the following file:
to:
'''1)''' Open the one of the  following files depending on your operating system:
Changed line 22 from:
* Linux—[@[install_path]/server/data/bin/linux-x*/app-monitor.conf@] \\
to:
* Linux—[@[install_path]/server/data/bin/linux-x*/app-monitor.conf@]
August 08, 2016, at 11:49 PM by 139.130.165.134 -
Changed line 20 from:
'''1)''' Open the following file:\\
to:
'''1)''' Open the following file:
August 08, 2016, at 11:48 PM by 139.130.165.134 -
Changed lines 3-6 from:
With the release of PaperCut 16.2 we have updated the JRE (Java Runtime Environment) to 8u92 which has removed out of the box support for older weaker SSL ciphers like RC4 which can cause some issues for older devices.

To enable support for these older ciphers you first need
to work out whether the connection problem is inbound to PaperCut or Outbound to the device.
to:
With the release of PaperCut 16.2, we have updated the JRE (Java Runtime Environment) to 8u92. This might cause issues for older devices with weaker SSL ciphers, such as, RC4.

To enable support for these older ciphers, you first need to work out if the connection problem is inbound
to PaperCut or outbound to the device.
Changed lines 8-9 from:
If the device is showing a connection error but the PaperCut Admin interface seems to be connected follow the steps below.
to:
If the device shows a connection error but the PaperCut Admin web interface seems to be connected, follow the steps below.
Changed line 11 from:
'''2)''' Edit [@server.ssl.cipher-suites@] to add the ciphers below:
to:
'''2)''' Edit [@server.ssl.cipher-suites@] to add the following ciphers:
Changed lines 13-15 from:
'''3)''' Restart the PaperCut Application Server Service

to:
'''3)''' Restart the PaperCut Application Server Service.

Changed lines 18-21 from:
If PaperCut can’t connect to the device follow the steps below.

'''1)''' Open [@[install_path]/server/data/bin/win/service.conf@] ([@[install_path]/server/data/bin/linux-x*/app-monitor.conf@] for Linux)\\
'''2)''' Find [@wrapper.java.additional.21=-Xloggc:logs/gc.log@] and add the line below under it you may need to change .22 to .23 or .24 if the numbers are already in use.\\
to:
If PaperCut can’t connect to the device, follow the steps below.

'''1)''' Open the following file:\\
* Windows—
[@[install_path]/server/data/bin/win/service.conf@]
* Linux—[@[install_path]/server/data/bin/linux-x*/app-monitor.conf@] \\
'''2)''' Find [@wrapper.java.additional.21=-Xloggc:logs/gc.log@] and add the following line under it. '''Note:''' You might need to change .22 to .23 or .24 if the numbers are already in use.\\
Changed line 25 from:
'''3)''' Restart the PaperCut Application Server Service
to:
'''3)''' Restart the PaperCut Application Server Service.
Changed lines 12-14 from:

[@TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]
to:
[@TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,@][[<<]][@TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]\\
Changed lines 20-25 from:
'''1)''' Open [@[install_path]/server/data/bin/win/service.conf@] ([@[install_path]/server/data/bin/linux-x*/app-monitor.conf@] for Linux)

'''2)''' Find [@wrapper.java.additional.21=-Xloggc:logs/gc.log@] and add the line below under it you may need to change .22 to .23 or .24 if the numbers are already in use.

[@wrapper.java.additional.22=-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]
to:
'''1)''' Open [@[install_path]/server/data/bin/win/service.conf@] ([@[install_path]/server/data/bin/linux-x*/app-monitor.conf@] for Linux)\\
'''2)''' Find [@wrapper.java.additional.21=-Xloggc:logs/gc.log@] and add the line below under it you may need to change .22 to .23 or .24 if the numbers are already in use.\\
[@wrapper.java.additional.22=-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,@][[<<]][@TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,@][[<<]][@TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]\\
Changed line 10 from:
'''1)''' Open [@[install_path]/server.properties@]
to:
'''1)''' Open [@[install_path]/server.properties@]\\
Changed lines 13-14 from:
--->[@TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]
to:
[@TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]
Changed line 26 from:
--->[@wrapper.java.additional.22=-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]
to:
[@wrapper.java.additional.22=-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]
August 08, 2016, at 05:38 PM by Jonathan - first draft
Added lines 1-33:
(:title Legacy Ciphers in PaperCut:)

With the release of PaperCut 16.2 we have updated the JRE (Java Runtime Environment) to 8u92 which has removed out of the box support for older weaker SSL ciphers like RC4 which can cause some issues for older devices.

To enable support for these older ciphers you first need to work out whether the connection problem is inbound to PaperCut or Outbound to the device.

!!Inbound to PaperCut
If the device is showing a connection error but the PaperCut Admin interface seems to be connected follow the steps below.

'''1)''' Open [@[install_path]/server.properties@]
'''2)''' Edit [@server.ssl.cipher-suites@] to add the ciphers below:

--->[@TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]

'''3)''' Restart the PaperCut Application Server Service


!!Outbound to Device

If PaperCut can’t connect to the device follow the steps below.

'''1)''' Open [@[install_path]/server/data/bin/win/service.conf@] ([@[install_path]/server/data/bin/linux-x*/app-monitor.conf@] for Linux)

'''2)''' Find [@wrapper.java.additional.21=-Xloggc:logs/gc.log@] and add the line below under it you may need to change .22 to .23 or .24 if the numbers are already in use.

--->[@wrapper.java.additional.22=-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5@]

'''3)''' Restart the PaperCut Application Server Service

----
''Categories:'' [[Category.Security|+]]
----
[-Keywords: SSL, Ciphers, RC4-]

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on August 30, 2016, at 10:28 PM
Printable View   |   Article History   |   Edit Article