Security scan - TLS Version 1.0 and 1.1 Protocol Detection on Mediation Manager systems

book

Article ID: 209729

calendar_today

Updated On:

Products

DX NetOps

Issue/Introduction

Security scan - TLS Version 1.0 and 1.1 Protocol Detection on Mediation Manager systems

Environment

Release: 20.2.8 and earlier

Component:

Resolution

Security is controlled by the java.security file and its settings within.  This file exists within the java release that was provided for CAMM to use.  This file contains a parameter called jdk.tls.disabledAlgorithms which provides a place to restrict Java from utilizing various algorithms, like SSLv3 and TLS1.0/1.1.

An example value of this parameter to restrict Java from using Sslv3, TLS1.0 and TLS1.1 

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, TLSv1, TLSv1.1, MD5withRSA, DH keySize < 1024

Once this update has been completed, Mediation Manager services need to be restarted via the stopall and startall scripts.

Additional Information

This will need to be accomplished for every new Java release that does not come configured in this way out of the box.