Helpdesk Connector vulnerability on port 8443 - TLS 1.0 needs to be disabled


Article ID: 199812


Products

CA Service Operations Insight (SOI)

Issue/Introduction

A Nessus scan detected that TLS 1.0 was enabled on the Helpdesk connector port 8443.

Environment

Release : 4.2

Component : Service Operations Insight (SOI) Manager

Resolution

- Open \SOI\nimServer\conf\server.xml
  Update the ciphers and sslProtocol attributes as shown below (change only the ciphers and sslProtocol sections) and save the file.

maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="${catalina.home}/conf/ssa.jks"
keystorePass="catalyst"
ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_SHA384, TLS_DHE_RSA_WITH_AES_128_SHA256"
clientAuth="false" sslProtocol="TLSv1.2" />



- Restart the "CA_NIM_HelpDesk_Server(tomcat)" service on your SOI manager.
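
To confirm the edit before restarting the service, the following added example (not part of the original article or the product) audits a server.xml for the port 8443 connector: it checks that sslProtocol is pinned and that every listed suite can only be negotiated under TLS 1.2. The `Connector` element name, the `port` attribute and both sample documents are assumptions constructed for the example, since the article shows only the tail of the connector definition.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml skeleton. The element name and port attribute are
# assumptions: the article shows only the tail of the connector definition.
TEMPLATE = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="${{catalina.home}}/conf/ssa.jks"
             ciphers="{ciphers}" clientAuth="false" sslProtocol="{proto}" />
</Service></Server>"""

# Values that leave protocols older than TLS 1.2 available.
OLD_PROTOCOLS = {"SSL", "SSLV2", "SSLV3", "TLS", "TLSV1", "TLSV1.0", "TLSV1.1"}

def is_tls12_only(suite):
    """AEAD suites (GCM, ChaCha20-Poly1305) and SHA-256/384 MAC suites were
    defined for TLS 1.2, so a TLS 1.0 handshake cannot select them."""
    s = suite.upper()
    return "_GCM_" in s or "CHACHA20" in s or s.endswith(("_SHA256", "_SHA384"))

def audit(xml_text, port="8443"):
    """Return a list of findings for the connector on `port`; empty means OK."""
    connectors = [c for c in ET.fromstring(xml_text).iter("Connector")
                  if c.get("port") == port]
    if not connectors:
        return [f"no Connector found for port {port}"]
    findings = []
    for conn in connectors:
        proto = conn.get("sslProtocol", "").strip()
        if not proto or proto.upper() in OLD_PROTOCOLS:
            findings.append(f"sslProtocol={proto or '(unset)'} is not pinned to TLSv1.2")
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        if not suites:
            findings.append("no ciphers attribute: the JVM default suite list applies")
        findings += [f"suite usable below TLS 1.2: {s}"
                     for s in suites if not is_tls12_only(s)]
    return findings

# Constructed inputs: one following the article's settings, one weakened.
GOOD = TEMPLATE.format(ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "
                       "TLS_DHE_RSA_WITH_AES_128_SHA256", proto="TLSv1.2")
BAD = TEMPLATE.format(ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "
                      "TLS_RSA_WITH_AES_128_CBC_SHA", proto="TLS")

if __name__ == "__main__":
    for name, text in (("hardened", GOOD), ("weak", BAD)):
        print(name, audit(text) or "OK")
```

To audit the real file, pass the contents of \SOI\nimServer\conf\server.xml to `audit()`, then re-run the Nessus scan after the restart to confirm the finding has cleared.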