The below document describes how to configuring the cipherlist tags, will address issues with the detection of weak ciphers, during vulnerability scans on Windows and non-Windows platforms. 

Because the vulnerabilities scans are detecting weak ciphers on the servers, this document will assist in creating a cipherlist to address the weak ciphers that are detected.

Embedded Entitlements Manager 12.51 CR05 and Above.

For the a list of ciphers that you can use with the EEM product, please refer to the following OpenSSL site: 
https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

Below is a sample cipher that can be used.  You can add to the below cipherlist, from the ciphers listed in the OpenSSL site, as your business needs see fit.
kEDH:ALL:!ADH:!DES:!3DES:!LOW:!EXPORT40:!RC4:+SSLv2:@STRENGTH 

Here are the instructions for adding the cipherlist for EEM 12.51 CR05 and above: 

To protect port 5250 (which is iGateway):
- Edit the following file: 
$IGW_LOC/igateway.conf or %IGW_LOC%\igateway.conf
- Enter the ciphers in the cipher tag, as in the example: 
<cipherlist>kEDH:ALL:!ADH:!DES:!3DES:!LOW:!EXPORT40:!RC4:+SSLv2:@STRENGTH</cipherlist> 
- Save the changes and restart the igateway service 

To protect port 509 (which is CA Directory):
- Edit the following file: 
$DXHOME/config/ssld/itechpoz.dxc or %DXHOME%\config\ssld\itechpoz.dxc
-Enter the ciphers in the cipher tag, above the 'protocol' line: 
cipher = "kEDH:ALL:!ADH:!DES:!3DES:!LOW:!EXPORT40:!RC4:+SSLv2:@STRENGTH" 
- Save the changes and restart the CA Directory service