After running a vulnerability scanning tool, the resulting report shows that my PAM server is affected by the "TLS/SSL Server Does Not Support Any Strong Cipher Algorithms" vulnerability.
How can I eliminate the "TLS/SSL Server Does Not Support Any Strong Cipher Algorithms" vulnerability from my PAM Server?
Environment
PAM Server 3.x
Resolution
PAM 3.x currently accepts cipher suites that the scanner classifies as not strong in order to preserve backward compatibility with components such as the A2A client.

Default support for TLS 1.0/1.1 is planned to be phased out once those components are deprecated or updated so that they no longer require TLS 1.0/1.1. In non-FIPS mode, the server itself does not offer any forward-secrecy cipher suites as of 3.2.x. RDP sessions are the exception: as of version 3.2.2 they support forward secrecy with TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.

The request to support strong cipher suites at server level has been reviewed by the product management team and will be included in the 3.3 release, so this vulnerability will be addressed in PAM version 3.3.
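Until 3.3 is deployed, the practical question is which of the suites the server offers actually trip the scanner's "not strong" and "no forward secrecy" rules, and whether the RDP listener really negotiates one of the two DHE/ECDHE suites named above. The script below is an added example written for this article; it is not PAM code or the vendor's tooling. It classifies IANA-style suite names from a scan report by forward secrecy, AEAD record protection and known-weak primitives, and can probe a live listener for each class using OpenSSL cipher-list strings. The sample report, the "strong = AEAD and no weak primitive" definition, and the probe cipher-list strings are all assumptions of this example, not something the article or the scanner defines.

```python
"""Classify TLS cipher suites from a scan report and optionally probe a server."""
import re
import socket
import ssl
import sys
from dataclasses import dataclass

# Constructed sample scanner output (IANA suite names): the two suites the
# article names for RDP sessions plus legacy suites typical of a TLS 1.0/1.1
# backward-compatibility profile. Not taken from a real PAM scan.
SAMPLE_SCAN_OUTPUT = """\
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
"""

# Substrings that mark a suite as weak regardless of anything else.
WEAK_MARKERS = {
    "_NULL_": "no encryption or no integrity",
    "EXPORT": "export-grade key size",
    "_anon_": "anonymous key exchange (no authentication)",
    "_RC4_": "RC4 keystream biases",
    "_3DES_": "64-bit block cipher (Sweet32)",
    "_DES_": "56-bit DES",
    "_MD5": "MD5-based MAC",
}


@dataclass(frozen=True)
class SuiteInfo:
    name: str
    forward_secrecy: bool  # ephemeral (EC)DH key exchange, or a TLS 1.3 suite
    aead: bool             # GCM / CCM / CHACHA20 record protection
    weak_reasons: tuple    # empty when no weak primitive is present

    @property
    def strong(self) -> bool:
        # Assumed definition: an AEAD suite with no weak primitive. Forward
        # secrecy is reported separately because scanners flag it separately.
        return not self.weak_reasons and self.aead


def classify_suite(name: str) -> SuiteInfo:
    n = name.strip()
    # Static DH/ECDH (TLS_DH_RSA_, TLS_ECDH_ECDSA_) deliberately does not match.
    fs = bool(re.search(r"_(ECDHE|DHE)_", n)) or n.startswith(("TLS_AES_", "TLS_CHACHA20_"))
    aead = any(tag in n for tag in ("_GCM_", "_CCM", "CHACHA20"))
    reasons = tuple(why for marker, why in WEAK_MARKERS.items() if marker in n)
    return SuiteInfo(n, fs, aead, reasons)


def classify_report(text: str) -> list:
    """One SuiteInfo per line of the report that looks like a suite name."""
    return [classify_suite(line) for line in text.splitlines() if line.strip().startswith("TLS_")]


def summarize(infos) -> dict:
    """Bucket suites the way a report reader wants to see them."""
    return {
        "weak": [i.name for i in infos if i.weak_reasons],
        "strong": [i.name for i in infos if i.strong],
        "forward_secrecy": [i.name for i in infos if i.forward_secrecy],
        "strong_without_fs": [i.name for i in infos if i.strong and not i.forward_secrecy],
    }


# OpenSSL cipher-list strings used to probe a live listener per class (assumed
# groupings). Append ":@SECLEVEL=0" to reach suites OpenSSL 3 refuses by default.
PROBE_CLASSES = {
    "forward_secrecy": "ECDHE:DHE:!aNULL:!eNULL",
    "static_rsa": "kRSA:!aNULL:!eNULL",
    "legacy_weak": "RC4:3DES:!aNULL:!eNULL",
}


def probe_server(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Return {class: negotiated OpenSSL cipher name, or None if refused}.

    The handshake is pinned to TLS 1.2 and below because every TLS 1.3 suite
    uses ephemeral key exchange and would mask a server with no forward secrecy
    on its TLS 1.2 profile. Certificate validation is disabled on purpose: the
    question is cipher support, not trust.
    """
    results = {}
    for label, cipher_list in PROBE_CLASSES.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        ctx.minimum_version = ssl.TLSVersion.TLSv1
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        try:
            ctx.set_ciphers(cipher_list)  # fails if the local build has none of them
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[label] = tls.cipher()[0]
        except (OSError, ssl.SSLError):
            results[label] = None
    return results


if __name__ == "__main__":
    for bucket, names in summarize(classify_report(SAMPLE_SCAN_OUTPUT)).items():
        print(f"{bucket}: {names}")
    if len(sys.argv) > 2:  # usage: python probe.py HOST PORT
        print(probe_server(sys.argv[1], int(sys.argv[2])))
```

Run it with no arguments to see the sample report bucketed; run it with a host and port (for example the RDP proxy listener) to see which class of suite the server actually negotiates. A `None` under `forward_secrecy` together with a name under `static_rsa` is exactly the condition the article describes for the non-FIPS server in 3.2.x.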