A vulnerability scan identified some vulnerabilities. They are related to support for static key cipher suites and insecure TLS/SSL protocols. We need your assistance to determine if we can add configuration changes to address them or provide information to justify an exception.
Cloud Proxy Version: 54.45.0.125
The vulnerability scanning tool: Rapid 7 Nexpose, v6.6.3
The apm.server.secureProtocols property in the application.yml file can be changed to TLSv1.2.
Java also allows cipher suites to be removed/excluded from use in the security policy file called java.security, which is located in your JRE: $PATH/[JRE]/lib/security. The jdk.tls.disabledAlgorithms property in the policy file controls TLS cipher selection.
Oracle has more information about this.
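A check for the java.security setting described above, as an added example that is not from the original page or the vendor: it resolves the jdk.tls.disabledAlgorithms value (including backslash line continuations) and lists which protocol versions older than TLSv1.2 are not named in it. The sample file content and the function names are constructed for illustration.

```python
import re

# Protocol versions older than TLSv1.2, the target named on this page.
LEGACY_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1")

# Constructed sample modelled on a java.security fragment (not from the page).
SAMPLE = """\
# TLS restrictions
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, TLSv1
"""

def disabled_algorithms(text, key="jdk.tls.disabledAlgorithms"):
    """Return the entries of `key` from java.security content, or None if unset."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line[0] in "#!"):
            continue                      # blank line or comment
        if line.endswith("\\"):           # value continues on the next line
            buf += line[:-1]
            continue
        logical.append(buf + line)
        buf = ""
    if buf:
        logical.append(buf)
    value = None
    for entry in logical:
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", entry)
        if m and m.group(1) == key:
            value = m.group(2)            # a later definition replaces an earlier one
    if value is None:
        return None
    return [item.strip() for item in value.split(",") if item.strip()]

def still_enabled(entries, required=LEGACY_PROTOCOLS):
    """Return the items of `required` that the disabled list does not name exactly."""
    have = set(entries or [])
    return [name for name in required if name not in have]

if __name__ == "__main__":
    print("Not disabled:", still_enabled(disabled_algorithms(SAMPLE)))
```

To audit a real installation, pass the contents of its java.security file to `disabled_algorithms` instead of `SAMPLE`.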
Weak cipher suites can be disabled at the JDK level with the following properties,