Security Scan Discovered Three Vulnerabilities on Port 2010 - DevTest 10.3

Article Id: 103615
Status: Published
Updated On: 27-06-2018 14:08
Products:
CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder)
Issue/Introduction:

The included security report found the following vulnerabilities on Port 2010:

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
SSL Medium Strength Cipher Suites Supported

Cause:

Cipher Suites

Environment:

Release:
Component: ITKOTF

Resolution:

Set the below value in the local.properties file of where the Registry is running. 

The general idea is to start with cipher suites designed for RSA and ECDSA keys. 

lisa.server.https.cipher.suites=\ 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\ 
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,\ 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,\ 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,\ 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\ 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,\ 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\ 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,\ 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,\ 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,\ 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\ 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,\ 
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,\ 
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,\ 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,\ 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,\ 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,\ 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 

For more, see https://www.feistyduck.com/library/openssl-cookbook/online/apA-ssl-tls-deployment-best-practices.html 

You will need restart the Registry. 

Re-did scan and this resolved the issue.