We have two vulnerabilities that popped up as soon as we started using the Broker:
1. Self-signed certificate - we are unable to use our own certificate for the Broker (2009). I set the following in the local.properties.
2. Unable to disable TLS 1.0 for the Broker - I tried adding "-Dhttps.protocols=TLSv1.2" to the VMoptions files, but I was still seeing issues with 2009 ports. Am I missing anything?
Limitations with Broker component
Release : 10.4
Component : CA Service Virtualization
Currently there is a limitation when using your own keystore for the Broker service. The issue is with the password used for the private key and the keystore file: we only allow 'passphrase' as the keystore password.
Here is the workaround to make the Broker use your own keystore:
1. When creating the keystore, make sure both the keystore and the private key are secured with the password 'passphrase'.
2. Set only the lisa.keystore property in the rules.xml file.
3. Comment out the lisa.keystore.password_enc entry in the rules.xml file.
Because the code assumes the password is 'passphrase' when there is no "lisa.keystore.password_enc" entry, a keystore holding a legitimate SSL certificate can then be used with the Broker.
<property comment="The logging level of the root category" key="lisa.log.level" value="dev"/>
<property comment="The location of the ssl keystore, defaults to Lisa Home or Agent Dir." key="lisa.keystore" value="/Users/abcuser06/newkeystore.jks"/>
Note: A fix for this issue is in our backlog.
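One way to confirm the workaround was applied before restarting the Broker, as an added example (not CA/Broadcom code): it checks that rules.xml sets lisa.keystore with no active lisa.keystore.password_enc entry, and that a JKS file's store password is 'passphrase'. It assumes the keystore is in JKS format rather than PKCS12; the function names, the `<rules>` root element and the sample data are constructed for illustration, and the private key password is not checked.

```python
import hashlib
import struct
import xml.etree.ElementTree as ET

JKS_MAGIC = 0xFEEDFEED
BROKER_PASSWORD = "passphrase"  # the only keystore password the Broker accepts (per the article)


def jks_digest(password: str, body: bytes) -> bytes:
    # JKS integrity digest: SHA-1(password as UTF-16BE || "Mighty Aphrodite" || keystore body)
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()


def jks_store_password_ok(data: bytes, password: str = BROKER_PASSWORD) -> bool:
    """True if the trailing 20-byte digest of a JKS file matches the store password."""
    if len(data) < 32 or struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        raise ValueError("not a JKS keystore (PKCS12 or another format?)")
    return jks_digest(password, data[:-20]) == data[-20:]


def check_rules_xml(xml_text: str) -> list:
    """List problems with the keystore properties; commented-out entries are ignored."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    props = {p.get("key"): p.get("value") for p in root.iter("property")}
    problems = []
    if not props.get("lisa.keystore"):
        problems.append("lisa.keystore is not set")
    if "lisa.keystore.password_enc" in props:
        problems.append("lisa.keystore.password_enc is active; comment it out")
    return problems


def make_empty_jks(password: str) -> bytes:
    """Constructed sample: a version-2 JKS with zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


# Constructed sample; the <rules> root element and the password_enc value are placeholders.
SAMPLE_RULES = """<rules>
  <property key="lisa.keystore" value="/Users/abcuser06/newkeystore.jks"/>
  <!-- <property key="lisa.keystore.password_enc" value="PLACEHOLDER"/> -->
</rules>"""

if __name__ == "__main__":
    print("rules.xml problems:", check_rules_xml(SAMPLE_RULES))
    print("store password is 'passphrase':", jks_store_password_ok(make_empty_jks("passphrase")))
    print("keystore made with another password passes:", jks_store_password_ok(make_empty_jks("changeit")))
```

To check a real file, pass its bytes (`open(path, "rb").read()`) to `jks_store_password_ok`; a `ValueError` means the file is not in JKS format.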