Disabling 3DES for UMP and Primary Hub Server

book

Article ID: 145216

calendar_today

Updated On:

Products

NIMSOFT PROBES DX Infrastructure Management

Issue/Introduction

Using CA UIM in environment and a recent VA scan has flagged it is using 3DES Cipher.
Would like to know if 3DES can be disabled and will it cause any functionality issue.
If yes, what are the steps to disable 3DES for both UMP and Primary Hub servers?

Environment

Release : 8.51 / 9.x

Component : WASP

Resolution


Steps to remove 3DE ciphers from WASP

1. Open wasp.cfg file in ~\Program Files\Nimsoft\probes\service\wasp

2. Find below ciphers and remove

TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

3. Save wasp.cfg file

4. Restart WASP

Additional Information

KB:How to disable weak SSL or TLS protocol and weak ciphers in UMP

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=46324
KB:vulnerability assessment and penetration testing for UMP Servers(Cipher suites)

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=128457

(Optional) Change the HTTPS Ciphers

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/8-5-1/installing-ca-uim/optional-post-installation-tasks/configure-https-in-admin-console-or-ump.html