
DevTest 10.3.0 - Security Vulnerability - Weak RSA Key less than 2048


Article ID: 112660


Products

CA Application Test, CA Continuous Application Insight (PathFinder)

Issue/Introduction

A security scan of a DevTest 10.3 server reports the vulnerability "Weak RSA Key less than 2048".

Environment

Release: 10.3
Component: ITKOTF

Resolution

1. Add this entry to every .vmoptions file:

-Dhttps.protocols=TLSv1.2

2. Add this property to the site.properties file where the Registry is running:

lisa.server.https.cipher.suites=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256

3. In the file DEVTEST_HOME/jre/lib/java.security, change the property to this value:

jdk.tls.disabledAlgorithms=TLSv1, MD5, SSLv3, SSLv2, DSA, DESede, DES, RSA keySize < 2048

Restart all of your DevTest components and re-scan.
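A pre-restart check for the three steps above, as an added example (not part of the original article or of DevTest). The file locations are passed in as arguments, and the file names and contents in demo() are constructed sample data.

```python
import re, tempfile
from pathlib import Path

def read_property(path, key):
    """Last uncommented value of key in a Java properties file, or None."""
    text = re.sub(r"\\\r?\n[ \t]*", "", Path(path).read_text())  # join continued lines
    value = None
    for line in text.splitlines():
        name, sep, rest = line.strip().partition("=")
        if sep and not name.startswith(("#", "!")) and name.strip() == key:
            value = rest.strip()  # a later definition overrides an earlier one
    return value

def audit(vmoptions_dir, site_properties, java_security):
    """Return a list of findings; an empty list means all three steps are in place."""
    findings = []
    vm_files = sorted(Path(vmoptions_dir).rglob("*.vmoptions"))
    if not vm_files:
        findings.append("no .vmoptions files found")
    for vm in vm_files:  # step 1: every .vmoptions file needs the entry on its own line
        if "-Dhttps.protocols=TLSv1.2" not in [l.strip() for l in vm.read_text().splitlines()]:
            findings.append(f"{vm.name}: missing -Dhttps.protocols=TLSv1.2")
    # step 2: the cipher suite property must be set where the Registry runs
    if not read_property(site_properties, "lisa.server.https.cipher.suites"):
        findings.append("site.properties: lisa.server.https.cipher.suites not set")
    # step 3: an "RSA keySize < N" entry with N >= 2048 must be present
    disabled = read_property(java_security, "jdk.tls.disabledAlgorithms") or ""
    limits = [int(m.group(1)) for e in disabled.split(",")
              if (m := re.fullmatch(r"RSA\s+keySize\s*<\s*(\d+)", e.strip()))]
    if not limits or max(limits) < 2048:
        findings.append("java.security: RSA keys under 2048 bits are not disabled")
    return findings

def demo():
    """Run the audit on constructed files: one .vmoptions file fixed, one not."""
    root = Path(tempfile.mkdtemp())
    (root / "component_a.vmoptions").write_text("-Xmx512m\n-Dhttps.protocols=TLSv1.2\n")
    (root / "component_b.vmoptions").write_text("-Xmx512m\n")
    (root / "site.properties").write_text(
        "lisa.server.https.cipher.suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n")
    (root / "java.security").write_text(  # constructed: old 1024-bit limit, continued line
        "jdk.tls.disabledAlgorithms=SSLv3, MD5, \\\n    RSA keySize < 1024\n")
    return audit(root, root / "site.properties", root / "java.security")

if __name__ == "__main__":
    print("\n".join(demo()) or "all three settings present")
```

The check only matches the `RSA keySize < N` form used in step 3, and it reads the files on disk, so the components still need the restart before a re-scan reflects the change.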