We are currently running UIM 20.3 with TLS 1.0/1.1 on Windows Server 2012 R2.
Our security team is asking us to remove the following weak and medium ciphers, or any ciphers that contain CBC and SHA1:
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ecdh_x25519)
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519)
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519)
• TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048)
• TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048)
• TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
• TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
How will this impact our UIM 20.3 TLS 1.0/1.1 environment?
We are also, however, in the planning stage of transitioning from TLS 1.0/1.1 to TLS 1.2.
Based on this same request to remove the weak and medium ciphers or any ciphers that contain CBC and SHA1, how will this impact our future UIM 20.3 TLS 1.2 environment?
Release : 20.3
Component : UNIFIED INFRASTRUCTURE MGMT
UIM 20.3 does not support TLS 1.0. The listed ciphers can be removed, except that at least one cipher from the TLS 1.1 supported list must remain enabled. That cipher must be common to, and supported by, both the client and the server side.
Going forward, with TLS 1.2, there is no problem in removing low and medium ciphers.
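Why one listed suite has to stay while TLS 1.1 is in use, as an added example that is not part of the original article: the SHA256/SHA384 and GCM suites were defined for TLS 1.2, so under TLS 1.1 only the four `_CBC_SHA` suites from the list can be negotiated. The two GCM suites are an assumption about what else the endpoint offers; the page does not list them.

```python
import re

# The eight suites listed in the question (key-exchange details dropped).
FLAGGED = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
# Assumption: AEAD suites the endpoint might also offer; not taken from the page.
ASSUMED_AEAD = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
ORDER = ["1.0", "1.1", "1.2"]
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>.+)_WITH_(?P<enc>.+)_(?P<mode>CBC|GCM)_(?P<hash>SHA\d*)$")

def parse(suite):
    m = SUITE_RE.match(suite)
    if not m:
        raise ValueError(f"unrecognised suite name: {suite}")
    return m.groupdict()

def min_tls_version(suite):
    """GCM and SHA256/SHA384 suites need TLS 1.2 (RFC 5246, 5288, 5289)."""
    p = parse(suite)
    return "1.2" if p["mode"] == "GCM" or p["hash"] != "SHA" else "1.0"

def violates_policy(suite):
    """Policy from the question: no CBC mode and no SHA-1 MAC."""
    p = parse(suite)
    return p["mode"] == "CBC" or p["hash"] == "SHA"

def usable(suites, protocol):
    """Suites that can be negotiated at the given protocol version."""
    limit = ORDER.index(protocol)
    return [s for s in suites if ORDER.index(min_tls_version(s)) <= limit]

def remaining_after_policy(suites, protocol):
    return [s for s in usable(suites, protocol) if not violates_policy(s)]

if __name__ == "__main__":
    offered = FLAGGED + ASSUMED_AEAD
    for proto in ("1.1", "1.2"):
        print(proto, "usable:", usable(offered, proto))
        print(proto, "left after policy:", remaining_after_policy(offered, proto))
```

An empty result for TLS 1.1 means no handshake can complete at that version from this list, which is why one suite shared by client and server has to be kept until the move to TLS 1.2 is finished.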