Security Scan Discovered Three Vulnerabilities on Port 2010 - DevTest 10.3

Article ID: 103615

Products

CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder)

Issue/Introduction

The included security scan report found the following vulnerabilities on port 2010 (the Registry's HTTPS listener):

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
SSL Medium Strength Cipher Suites Supported

Cause

Weak cipher suites (64-bit block ciphers, small Diffie-Hellman groups and medium-strength ciphers) are enabled on the Registry's HTTPS listener.

Environment

Release:
Component: ITKOTF

Resolution

Set the value below in the local.properties file on the machine where the Registry is running.

The general idea is to start with cipher suites designed for RSA and ECDSA keys. 

# Restrict the Registry HTTPS listener to these suites only.
# Do not leave whitespace after a trailing backslash: in a Java properties file
# the backslash would then escape the space instead of continuing the line,
# which silently truncates the list.
lisa.server.https.cipher.suites=\
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,\
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,\
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,\
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,\
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,\
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,\
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,\
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,\
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,\
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,\
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,\
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,\
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,\
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

For more, see https://www.feistyduck.com/library/openssl-cookbook/online/apA-ssl-tls-deployment-best-practices.html 
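Before restarting, it is worth checking that the edited local.properties actually yields the intended list and that nothing in it would re-trigger the three findings. The following is an added example (not part of this article or the DevTest product) that reads the property with Java-style line continuations, warns about the whitespace-after-backslash pitfall, and maps each suite name to the finding it would trigger; the sample property text is constructed for illustration. Logjam cannot be judged from a suite name alone, so DHE suites are reported for a manual check of the server's DH group size.

```python
import re

# Constructed sample of a Registry local.properties entry using Java-style
# line continuations (a backslash at end of line joins the next line).
SAMPLE_PROPERTIES = (
    "lisa.server.https.cipher.suites=\\\n"
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\\\n"
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,\\\n"
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA,\\\n"
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA\n"
)

# Suite-name patterns mapped to the scan finding they would trigger.
# DHE suites are only safe with a server DH group of >= 2048 bits, which the
# name does not reveal, so they are flagged for verification rather than rejected.
FINDINGS = [
    ("SWEET32 (64-bit block cipher)", re.compile(r"_(3DES|DES|IDEA|RC2)_")),
    ("Medium/weak strength cipher", re.compile(r"_(RC4|NULL|EXPORT|anon)_", re.I)),
    ("Logjam: verify DH params >= 2048 bits", re.compile(r"^TLS_DHE_")),
]


def load_properties(text):
    """Minimal Java .properties reader: returns (dict, warnings).

    A line ending in a backslash continues onto the next line. In Java, a
    backslash followed by trailing whitespace escapes the space instead and
    silently truncates the value; this reader still joins such lines but
    records a warning so the defect is visible.
    """
    props, warnings, logical = {}, [], ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw != raw.rstrip() and raw.rstrip().endswith("\\"):
            warnings.append(f"line {lineno}: whitespace after '\\' breaks continuation")
        line = raw.strip()
        if line.endswith("\\"):
            logical += line[:-1]
            continue
        logical += line
        if "=" in logical and not logical.startswith("#"):
            key, _, value = logical.partition("=")
            props[key.strip()] = value.strip()
        logical = ""
    return props, warnings


def audit_cipher_suites(value):
    """Return {suite: [finding, ...]} for each suite in a comma-separated list
    that matches a scan finding; suites that are clean get no entry."""
    report = {}
    for suite in filter(None, (s.strip() for s in value.split(","))):
        hits = [name for name, pat in FINDINGS if pat.search(suite)]
        if hits:
            report[suite] = hits
    return report
```

Run it against the real local.properties contents instead of the constructed sample; an empty report plus an empty warning list is the state you want before restarting the Registry.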

You will need to restart the Registry for the change to take effect.

Re-ran the scan and this resolved the issue.