Knowledge Base
All KB
Documents DT Documents
Articles & FAQs AR Articles
Trouble Reports TR Trouble Reports
Software Updates SU Software Updates
Searching in : Article
ID: AR07O00935
Applies to: NoMachine Server
Added on: 2017-07-28
Last Update: 2017-11-07

How to disable 3DES-CBC (short block sizes) in the NoMachine web server (nxhtd)

The NoMachine web server, nxhtd is based on Apache (e.g. nxd v. 5.3.9 is based on httpd-2.4.16).

It doesn't have the Triple-DES cipher disabled by default.

To disable 3DES-CBC for encrypting data traffic on HTTP over TSL (HTTPS):

1) Edit the NoMachine cloud.inc file, <installation directory>/etc/cloud.inc  (e.g. on Linux /usr/NX/etc/cloud.inc)

and change this line from:
 
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
 
to:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:!3DES
 

2) Then restart nxhtd to make this change effective:

nxserver --restart nxhtd
 

E.g. on Linux and Mac:

$ sudo /etc/NX/nxserver --restart nxhtd

 

IMPORTANT

3DES-CBC is disabled in nxhtd v. 6:
https://www.nomachine.com/FR08O03482
Disabling 3DES-CBC (short block sizes) in the NoMachine web server