
Cloud Proxy Vulnerabilities


Article ID: 186817


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope), CA Application Performance Management (APM / Wily / Introscope), INTROSCOPE, DX Application Performance Management


A vulnerability scan identified some vulnerabilities. They are related to support for static key cipher suites and to supported insecure TLS/SSL protocols. We need your assistance to determine if we can add configuration changes to address them or provide information to justify an exception.

Cloud Proxy Version:

The vulnerability scanning tool: Rapid 7 Nexpose, v6.6.3


Release : DX APM SaaS, Enterprise Manager Release: 19.10.04 (Build 990148)



The property in the application.yml file and the property apm.server.secureProtocols can be changed to TLSv1.2.

Also, Java allows cipher suites to be removed/excluded from use in the security policy file called that’s located in your JRE: $PATH/[JRE]/lib/security. The jdk.tls.disabledAlgorithms property in the policy file controls TLS cipher selection.

Oracle has more information about this.

Weak cipher suites can be disabled at the JDK level with the following property:

jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, DESede, DES, RSA keySize < 2048

Cloud proxy doesn't have any external configuration to enable/disable the cipher suites.
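To confirm that the JRE used by Cloud Proxy carries the jdk.tls.disabledAlgorithms entries listed above, the following added example (not part of the original article and not Broadcom code) reads the text of the security policy file and reports which of those entries are not covered. The function names and the sample file content are constructed for illustration.

```python
import re

# Entries taken from the article's jdk.tls.disabledAlgorithms line.
REQUIRED = ["MD5", "SSLv3", "DSA", "DESede", "DES", "RSA keySize < 2048"]
KEYSIZE = re.compile(r"(\w+)\s+keySize\s*(<=|<)\s*(\d+)$", re.I)
# Constructed sample of security-file text (not copied from a real JRE).
SAMPLE = """\
# comment line
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, RSA keySize < 1024
"""

def read_property(text, name):
    """Return the last value assigned to `name` in Java-properties text, or None."""
    value, buf = None, ""
    for raw in text.splitlines() + [""]:      # trailing "" flushes a dangling continuation
        line = raw.strip()
        if not buf and line[:1] in ("#", "!"):
            continue                          # comment line
        if line.endswith("\\"):               # value continues on the next line
            buf += line[:-1]
            continue
        key, sep, val = (buf + line).partition("=")
        buf = ""
        if sep and key.strip() == name:
            value = val.strip()               # a later assignment overrides an earlier one
    return value

def keysize_rule(entry):
    """Return (algorithm, N) when keys smaller than N are disabled, else None."""
    m = KEYSIZE.match(entry)
    return (m.group(1).lower(), int(m.group(3)) + (m.group(2) == "<=")) if m else None

def missing_entries(text):
    """List the article's entries that the configured value does not cover."""
    value = read_property(text, "jdk.tls.disabledAlgorithms") or ""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    plain = {e.lower() for e in entries if " " not in e}    # fully disabled names
    rules = dict(filter(None, map(keysize_rule, entries)))  # algorithm -> size bound
    missing = []
    for req in REQUIRED:
        rule = keysize_rule(req)
        if rule is None:
            covered = req.lower() in plain
        else:                                 # an equal or stricter bound also covers it
            covered = rule[0] in plain or rules.get(rule[0], 0) >= rule[1]
        if not covered:
            missing.append(req)
    return missing
```

Pass the contents of the policy file from the JRE's lib/security directory to `missing_entries`; an empty list means every entry from the article is present. The comparison is textual and does not model how the JDK expands algorithm names internally, so a rescan with the vulnerability scanner remains the final check.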