CA Web Viewer 12.1 SSL/TLS use of weak RC4 cipher

book

Article ID: 129110

calendar_today

Updated On:

Products

CA Output Management Document Viewer CA Output Management Web Viewer

Issue/Introduction

Our security team has found a vulnerability in the CA Output Management Web Viewer 12.1 application "SSL/TLS use of weak RC4 cipher". The application for is configured for TLS1.2.

We will have to disable the RC4 cipher. Will it be a problem for the application if we disable this.

Environment

Release:
Component: WBVLUW

Resolution

The certificate is vulnerable; not the application. Since the cipher is now considered vulnerable, new certificates will be required as the cipher is defined in the certificates.

Just disabling the RC4 cipher will invalidate the certificate preventing Web Viewer from operating so that is not an option.