Disabling 3DES for UMP and Primary Hub Server
Article ID: 145216
Updated On:
Products
DX Unified Infrastructure Management (Nimsoft / UIM)
Issue/Introduction
Using CA UIM in environment and a recent VA scan has flagged it is using 3DES Cipher.
Would like to know if 3DES can be disabled and will it cause any functionality issue.
If yes, what are the steps to disable 3DES for both UMP and Primary Hub servers?
Environment
Release : 8.51 / 9.x
Component : WASP
Resolution
Steps to remove 3DE ciphers from WASP
1. Open wasp.cfg file in ~\Program Files\Nimsoft\probes\service\wasp
2. Find below ciphers and remove
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
3. Save wasp.cfg file
4. Restart WASP
Additional Information
KB:How to disable weak SSL or TLS protocol and weak ciphers in UMP
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=46324
KB:vulnerability assessment and penetration testing for UMP Servers(Cipher suites)
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=128457
(Optional) Change the HTTPS Ciphers
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/8-5-1/installing-ca-uim/optional-post-installation-tasks/configure-https-in-admin-console-or-ump.html
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=46324
KB:vulnerability assessment and penetration testing for UMP Servers(Cipher suites)
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=128457
(Optional) Change the HTTPS Ciphers
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/8-5-1/installing-ca-uim/optional-post-installation-tasks/configure-https-in-admin-console-or-ump.html
Feedback
Yes
No
Powered by
