
How to block weak protocols and ciphers in NFA?


Article ID: 228221


Updated On:


CA Network Flow Analysis (NetQos / NFA)


To completely block SSLv2, SSLv3, TLS 1.0, TLS 1.1 and/or any weak ciphers, follow the steps below.


A vulnerability scanner may flag that weak protocols or ciphers are allowed, which could be a security issue.


For Java processes, to block weak protocols or ciphers, search for jdk.tls.disabledAlgorithms in the x:\CA\NFA\jre\lib\security\ file.

Add this line if it is not there already:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves
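
Added example (not part of the original article and not CA's own tooling): a Python check that takes the text of the security properties file, follows the backslash line continuations, ignores commented-out copies of the property, and reports which entries from the line above are missing from jdk.tls.disabledAlgorithms. The function names and the two sample inputs are constructed for illustration; parsing is simplified to key=value lines with a single trailing backslash as the continuation marker.

```python
import re

# Entries and key sizes taken from the article's jdk.tls.disabledAlgorithms line.
REQUIRED = ["SSLv3", "TLSv1", "TLSv1.1", "RC4", "DES", "MD5withRSA",
            "3DES_EDE_CBC", "anon", "NULL"]
MIN_KEYSIZE = {"DH": 1024, "EC": 224}

def read_property(text, key):
    """Return the effective value of key (last definition wins), or None."""
    value, logical, continuing = None, "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not continuing and (not line or line[0] in "#!"):
            continue                      # blank line or comment
        continuing = line.endswith("\\")
        logical += line[:-1] if continuing else line
        if continuing:
            continue                      # value continues on the next line
        name, sep, val = logical.partition("=")
        if sep and name.strip() == key:
            value = val.strip()
        logical = ""
    return value

def audit(text):
    """List what is missing compared with the article's line; [] means OK."""
    value = read_property(text, "jdk.tls.disabledAlgorithms")
    if value is None:
        return ["property not set"]
    entries = [e.strip() for e in value.split(",") if e.strip()]
    # Exact match, so listing TLSv1.1 does not count as listing TLSv1.
    problems = [name for name in REQUIRED if name not in entries]
    sizes = {}
    for e in entries:
        m = re.fullmatch(r"(\w+)\s+keySize\s*<\s*(\d+)", e)
        if m:
            sizes[m.group(1)] = int(m.group(2))
    for alg, minimum in MIN_KEYSIZE.items():
        if sizes.get(alg, 0) < minimum:
            problems.append(f"{alg} keySize < {minimum}")
    return problems

# Constructed sample inputs (not copied from a real NFA installation).
GOOD = """jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
    include jdk.disabled.namedCurves
"""
WEAK = """#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4
jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, RC4, DH keySize < 768
"""
```

Calling audit() on the file's contents returns an empty list when every entry from the article's line is present; for the constructed WEAK input it lists TLSv1, the missing ciphers, and both key-size constraints.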


For Windows processes: