search cancel

Symantec Directory - Disable SSL RC4 Cipher Suites for DXagent process running on port 9443 (Linux)


Article ID: 237520


Updated On:


CA Directory


You may find vulnerability scan report pointing to the fact that Symantec Directory component running on (or utilizing) port 9443 (which is dedicated to DXagent process) is using RC4 Cipher Suites and looking for a way to disable this Cipher Suites.


Release : 14.1

Component : CA Directory


Fact is, it is not Symantec Directory but Python version that has this RC4 vulnerability that Directory uses. So regardless of Directory version (14.1.00 or 14.1.03), so the solution is to upgrade your Linux node(s) with latest version of Python.

In Linux, DXagent uses python installed in the machine. And the ciphers are set based on the Python. DXagent uses the default Ciphers set by Python.

For example, run the following command:
-bash-4.2$ python -c 'import ssl; print ssl._DEFAULT_CIPHERS'

With Python 2.7.5, you will see:

With Python 3.7.3, you will see:

From the ciphers list you will notice RC4, in 2.7.5 version but not in 3.7.3 version.

From the Python docops page

Here you will find the information such as : Changed in version 3.4.4: RC4 was dropped from the default cipher string.