How to block weak protocols and ciphers in NFA?


Article ID: 228221




CA Network Flow Analysis (NetQos / NFA)


To completely block SSLv2, SSLv3, TLS 1.0, TLS 1.1 and/or any weak ciphers, use the settings below.


A vulnerability scanner may flag that weak protocols or ciphers are allowed, which could be a security issue.


For Java processes, to block weak protocols or ciphers, search for jdk.tls.disabledAlgorithms in the x:\CA\NFA\jre\lib\security\ file.

Add this line if it is not there already:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves
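
To confirm the edit took effect, the check below parses a Java security properties file, joins backslash continuation lines, and lists which entries from the line above are absent. It is an added example, not part of the original article or of NFA. It goes slightly beyond the article by treating a stricter keySize bound as satisfying the listed one. The function names and the sample content are constructed for illustration; pass the path of the edited file as the first argument.

```python
import re
import sys

# Entries from the article's jdk.tls.disabledAlgorithms line.
REQUIRED = ["SSLv3", "TLSv1", "TLSv1.1", "RC4", "DES", "MD5withRSA",
            "DH keySize < 1024", "EC keySize < 224", "3DES_EDE_CBC",
            "anon", "NULL", "include jdk.disabled.namedCurves"]
KEYSIZE = re.compile(r"(\w+) keySize < (\d+)$")

def read_property(text, name):
    """Effective value of `name` in a Java properties file, or None if unset."""
    value = None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.lstrip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        # An odd number of trailing backslashes continues the logical line.
        while (len(line) - len(line.rstrip("\\"))) % 2:
            line = line[:-1] + next(lines, "").lstrip()
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == name:
            value = m.group(2)               # the last assignment wins
    return value

def missing_entries(text, required=REQUIRED):
    """Required entries absent from jdk.tls.disabledAlgorithms in `text`."""
    value = read_property(text, "jdk.tls.disabledAlgorithms")
    have = {" ".join(e.split()) for e in (value or "").split(",") if e.strip()}
    limits = {}                              # algorithm -> largest "keySize <" bound
    for m in filter(None, map(KEYSIZE.match, have)):
        limits[m.group(1)] = max(limits.get(m.group(1), 0), int(m.group(2)))
    def covered(want):
        m = KEYSIZE.match(want)
        if m:                                # a stricter (larger) bound also covers it
            return limits.get(m.group(1), 0) >= int(m.group(2))
        return want in have
    return [w for w in required if not covered(w)]

# Constructed sample (not a real NFA file): only part of the line was applied.
SAMPLE = """\
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\
    DH keySize < 2048, EC keySize < 224, anon, NULL
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="latin-1").read() if path else SAMPLE
    for entry in missing_entries(text):
        print("missing:", entry)
```

A commented-out line or a later assignment that replaces the property shows up as missing entries, which is the case a scanner would still flag.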


For Windows processes:

Security Settings for Protection Against BEAST and Weak Diffie-Hellman Moduli