book
Article ID: 112662
calendar_today
Updated On:
Products
CA Application Test
CA Continuous Application Insight (PathFinder)
Issue/Introduction
Remediate security vulnerability, SSL v2 and v3 detection, on DevTest Server.
Environment
Release: All supported DevTest releases
Component: ITKOTF
Resolution
1. Add this entry to every .vmoptions file:
-Dhttps.protocols=TLSv1.2
2. Add this properties to the site.properties file of where the Registry is running:
lisa.server.https.cipher.suites=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256
3. Update this file DEVTEST_HOME/jre/lib/java.security, change property to this value:
jdk.tls.disabledAlgorithms=TLSv1, MD5, SSLv3, SSLv2, DSA, DESede, DES, RSA keySize < 2048
4. Restart all of your DevTest components and re-scan.