After running a vulnerability scan against the Virtual Appliance (Identity Manager), the report returns "SSL Medium Strength Cipher Suites Supported (SWEET32)" and "SSL Anonymous Cipher Suites Supported" against port 10101.
The cipher suites and TLS protocol need to be updated.
Release : 14.X
Component : CA Directory
Component : CA IDENTITY MANAGER
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
The cipher suite will need to be updated to a more secure format.
To do this, navigate to and open:
\dxserver\config\servers\dsaname.dxi
Find your SSL declaration:
source "../ssld/dsaname.dxc";
Navigate to this SSL declaration file and set the values below:
# SSL options
cipher = "ALL:!aNULL:!ADH:!eNULL:!DES:!LOW:!MEDIUM:!EXP:!RC4:!RSA:!EXPORT40:+HIGH:@STRENGTH" # default ciphers - syntax on OpenSSL website
protocol = TLSv12 # enable TLS only (default of fips set)
Run the commands below:
dxserver stop DSAName
dxsyntax (to ensure there are no typos)
dxserver start DSAName
On the vApp, you will need to use the
su dsa
command to log in as the dsa user to be able to edit files like dsaname.dxc.
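Before restarting the DSA, the cipher value set above can be checked offline against the two scanner findings. The following is an added example, not part of the original article: the function names `audit_ciphers` and `sample_cipher_list` are hypothetical, the sample lines are constructed, and it assumes the local `openssl` command expands the cipher string the same way as the TLS library DXserver uses.

```shell
#!/bin/sh
# Added example (not from the original article).
# audit_ciphers: read `openssl ciphers -v` lines on stdin and print one
# "FINDING <type> <suite>" line per suite that would re-trigger a scanner
# finding. Returns 1 if anything was flagged, 0 otherwise.
audit_ciphers() {
  awk '
    {
      au = ""; enc = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^Au=/)  au  = substr($i, 4)
        if ($i ~ /^Enc=/) enc = substr($i, 5)
      }
      # Anonymous suites (ADH, AECDH) are listed with Au=None.
      if (au == "None") { print "FINDING anonymous " $1; bad = 1 }
      # SWEET32 applies to ciphers with a 64-bit block size.
      if (enc ~ /^(3DES|DES|IDEA|RC2)[(]/) { print "FINDING sweet32 " $1; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample in `openssl ciphers -v` format (not real appliance output).
sample_cipher_list() {
  cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384       TLSv1.2 Kx=DH   Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-DES-CBC3-SHA      TLSv1   Kx=ECDH Au=RSA  Enc=3DES(168)   Mac=SHA1
DHE-RSA-AES128-GCM-SHA256   TLSv1.2 Kx=DH   Au=RSA  Enc=AESGCM(128) Mac=AEAD
EOF
}

# Typical use with the value set in the .dxc file:
#   CIPHER='ALL:!aNULL:!ADH:!eNULL:!DES:!LOW:!MEDIUM:!EXP:!RC4:!RSA:!EXPORT40:+HIGH:@STRENGTH'
#   openssl ciphers -v "$CIPHER" | audit_ciphers && echo "no weak suites"
```

Once the DSA is running again, re-run the vulnerability scan against port 10101 to confirm that both findings are cleared on the live listener.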