How to resolve RC4 ciphers issue and TLS v1 on OVA


Article ID: 125180


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction



• Port 22 (SSH): weak RC4 ciphers.
• Ports 443 and 8443: TLS v1 needs to be disabled.

Environment

Virtual Appliance 14.2
 

Resolution

For port 22 (SSH), use HF-DE371990-20180627-0001.tar.gpg.

For port 8443, there is an https-listener-hardening file that can be edited and set to a value of true, which forces the use of TLS 1.2 instead. There is a separate file for each service under the /opt/CA/VirtualAppliance/custom folder.

For port 443, disabling TLSv1.0 is not supported in version 2.2.15 of httpd, which is the latest version released for CentOS 6 (the base of vApp 14.1 and 14.2). Fixing this issue is on our roadmap for future versions. In the meantime, we advise customers to limit network access to this port to admin workstations only.
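To confirm the result after applying the steps above, the following check can be run on the appliance. It is an added example, not vendor code: the function names and the `--check` argument are hypothetical, and it assumes `sshd -T` and an `openssl` client that can still speak TLS 1.0 are available.

```shell
#!/bin/sh
# Added example (not vendor-supplied): verify the port 22 and port 443/8443 findings.

# Print every RC4 entry (arcfour, arcfour128, arcfour256) found in a
# comma-separated SSH cipher list, one per line. Prints nothing if none.
rc4_ciphers() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -E '^arcfour(128|256)?$' || true
}

# Effective cipher list of the local sshd (run as root). An empty result
# can mean no explicit Ciphers line is set, not that RC4 is off.
local_sshd_ciphers() {
    sshd -T 2>/dev/null | awk '$1 == "ciphers" { print $2 }'
}

# Return 0 if host:port completes a TLS 1.0 handshake, non-zero otherwise.
# Caveat: a client OpenSSL built or configured without TLS 1.0 also fails
# here, so run this from a client that can still negotiate TLS 1.0.
tls1_accepted() {
    openssl s_client -tls1 -connect "$1:$2" </dev/null >/dev/null 2>&1
}

# Usage: ./check.sh --check [host]   (host defaults to localhost)
if [ "${1:-}" = "--check" ]; then
    host="${2:-localhost}"
    found=$(rc4_ciphers "$(local_sshd_ciphers)")
    if [ -n "$found" ]; then
        echo "port 22: RC4 ciphers still configured:" $found
    else
        echo "port 22: no RC4 ciphers in the sshd configuration"
    fi
    # Port 443 is expected to keep accepting TLS 1.0 on this httpd version,
    # so for 443 the useful test is whether non-admin hosts can reach it.
    for port in 443 8443; do
        if tls1_accepted "$host" "$port"; then
            echo "port $port: TLS 1.0 handshake accepted"
        else
            echo "port $port: TLS 1.0 rejected (or port unreachable)"
        fi
    done
fi
```

Run the TLS part a second time from a non-admin network segment to confirm that access to port 443 is actually restricted.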