It is recommended to disable SHA1 and CBC mode cipher encryption and enable CTR or GCM cipher mode encryption. Will there be any impact to ITCM?
Article ID: 191602
Updated On:
Products
CA Client Automation - Asset Management
CA Client Automation - IT Client Manager
CA Client Automation
CA Client Automation - Software Delivery
CA Client Automation - Remote Control
CA Client Automation - Asset Intelligence
CA Client Automation - Desktop Migration Manager
CA Client Automation - Patch Manager
Issue/Introduction
VA scan was conducted on ITCM and it was highlighted that there was a vulnerability on SSL Medium Strength Cipher Suites Supported (SWEET32)
The remote host supports the use of SSL ciphers that offer medium strength encryption. Because its medium strength as any encryption
that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
It is recommended to disable SHA1 and CBC mode cipher encryption and enable CTR or GCM cipher mode encryption. Will there be any impact to ITCM?
Environment
Release : 14.0 SP1 SP2 SP3
Component : DESKTOP AND SERVER MANAGEMENT
Resolution
There wont be any impact if you are in current version 14.0 SP3 (Current version uses sh2).Recommended to be on 14.0 Sp1 or Above.
Feedback
Yes
No
Powered by
