DevTest NULL Cipher Suite update

Article ID: 224469

Products

Service Virtualization

Issue/Introduction

A few of the HTTPS virtual services are failing because the virtual services use an incorrect cipher suite.

The virtual services use an SSL certificate, and local.properties is configured to use TLS v1.2. The application side is configured the same way. However, the virtual service responses fail on the application side because of the incorrect cipher that comes from CA DevTest.

The following ciphers need to be added/allowed on the DevTest side:

TLS_RSA_WITH_NULL_SHA256,
SSL_RSA_WITH_NULL_SHA,
SSL_RSA_WITH_NULL_MD5

Environment

Release : 10.6

Component : DevTest Virtual Service

Resolution

Multiple sources indicate that the three listed NULL ciphers are disabled by default in TLS 1.2 because they provide weak or no encryption and are considered insecure.

References:

- https://ciphersuite.info/cs/?page=1&tls=all&security=insecure

- https://www.techstacks.com/howto/j2se5_ssl_cipher_strength.html

To maintain the current security level in the organization, it is not recommended to use these NULL ciphers.

If it is required to use them anyway, update the java.security file of the JRE that is used by VSE as shown below, and then restart the components:

Lines 622 and 623:

From 

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL

To

jdk.tls.disabledAlgorithms=RC4, DES, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC, anon

Also update the following in local.properties:

https.protocols=TLSv1.2

to

https.protocols=TLSv1.2,SSLv3
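
To confirm which JREs carry this change, the following added example (not part of the original article or of DevTest) parses a java.security file, joins the backslash-continued lines, and reports whether `SSLv3` or `NULL` is missing from `jdk.tls.disabledAlgorithms`. The function names and the two embedded samples are constructed for illustration; the samples reuse the "From" and "To" values shown above.

```python
import sys

PROPERTY = "jdk.tls.disabledAlgorithms"
# Entries the article's edit removes; without them NULL suites and SSLv3 are allowed.
REQUIRED = ("SSLv3", "NULL")
# Constructed samples: the "From" and "To" values quoted in the article.
DEFAULT = """\
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \\
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
"""
MODIFIED = """\
jdk.tls.disabledAlgorithms=RC4, DES, MD5withRSA, DH keySize < 1024, \\
    EC keySize < 224, 3DES_EDE_CBC, anon
"""

def logical_lines(text):
    """Yield property lines with backslash continuations joined, comments skipped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line[0] in "#!"):
            continue
        # An odd number of trailing backslashes means the value continues.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def disabled_algorithms(text):
    """Return the property's entries, or None if unset (last definition wins)."""
    entries = None
    for line in logical_lines(text):
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROPERTY:
            entries = [e.strip() for e in value.split(",") if e.strip()]
    return entries

def missing_entries(text, required=REQUIRED):
    """Return required entries absent from the property; case is ignored here."""
    present = {e.lower() for e in disabled_algorithms(text) or []}
    return [r for r in required if r.lower() not in present]

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="latin-1") as fh:
            gone = missing_entries(fh.read())
        print(f"{path}: {'missing ' + ', '.join(gone) if gone else 'ok'}")
```

Run it with one or more java.security paths as arguments; a JRE that reports missing entries accepts NULL suites or SSLv3 and should be limited to the VSE hosts that need the exception.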