The selection of cipher suites and algorithms used for TLS communication is a compromise between security and support for the types/versions of browsers that must connect.
In this case the advice is to set up Tomcat to use only strong encryption methods.
How to set up:
- Create a duplicate (backup) of the server.xml file located in your runtime directory (in case anything goes wrong; this step is not required).
For example: /a/marek/webui/runtime/apache-tomcat-9.0.58/conf (server.xml)
- Edit the server.xml file.
- Find the Connector element with the port you set for the Web client.
- Update the ciphers attribute of that Connector.
For example, in my environment:
<Connector SSLEnabled="true" acceptCount="100" algorithm="IbmX509" clientAuth="false" disableUploadTimeout="true"
           enableLookups="false" keystoreFile="safkeyring://VANTDEV/VANTRRNG" keystoreType="JCERACFKS"
           maxHttpHeaderSize="8192" maxSwallowSize="104857600" maxThreads="150" minSpareThreads="25" port="26555" scheme="https"
           secure="true" sslEnabledProtocols="+TLSv1.2" sslImplementationName="com.ca.sslsocket.CASSLImplementation" sslProtocol="TLS"
           ciphers="ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,
                    ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305"/>
The WebUI started task has to be recycled (restarted) for the change to take effect.
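To verify the edit before recycling the task, the following added example (not part of the original page or of Tomcat) audits the SSL Connector in a server.xml against the policy the cipher list above expresses: ECDHE key exchange and an AEAD cipher (GCM or CHACHA20-POLY1305) only, and no legacy protocol versions. The embedded server.xml is a constructed sample with hypothetical weak entries added so the check has something to report.

```python
"""Audit a Tomcat <Connector> against a strong-cipher TLS policy."""
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not a real configuration); the two weak
# entries AES128-SHA and DES-CBC3-SHA were added deliberately for the demo.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector SSLEnabled="true" port="26555" scheme="https" secure="true"
               sslEnabledProtocols="+TLSv1.2" sslProtocol="TLS"
               ciphers="ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384,
                        AES128-SHA,DES-CBC3-SHA,ECDHE-RSA-CHACHA20-POLY1305"/>
  </Service>
</Server>"""

WEAK_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "ANON", "ADH", "AECDH")
LEGACY_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")


def parse_list(value):
    """Split a comma-separated attribute; XML folds embedded newlines to spaces."""
    return [item for item in re.split(r"[,\s]+", value or "") if item]


def cipher_issue(name):
    """Return why a cipher name fails the policy, or None if it passes."""
    upper = name.upper()
    if any(marker in upper for marker in WEAK_MARKERS):
        return "weak primitive"
    if not upper.startswith("ECDHE-"):
        return "no forward secrecy (not ECDHE)"
    if "GCM" not in upper and "CHACHA20-POLY1305" not in upper:
        return "not an AEAD cipher (CBC mode)"
    return None


def audit_connector(xml_text, port):
    """Audit the SSLEnabled Connector on `port`; return {item: reason}, empty if clean."""
    root = ET.fromstring(xml_text)
    for conn in root.iter("Connector"):
        if conn.get("port") != str(port) or conn.get("SSLEnabled") != "true":
            continue
        findings = {}
        for cipher in parse_list(conn.get("ciphers")):
            reason = cipher_issue(cipher)
            if reason:
                findings[cipher] = reason
        for proto in parse_list(conn.get("sslEnabledProtocols")):
            if proto.lstrip("+") in LEGACY_PROTOCOLS:  # Tomcat allows a leading '+'
                findings[proto] = "legacy protocol enabled"
        return findings
    raise ValueError(f"no SSLEnabled Connector on port {port}")
```

Run it against the real file with `audit_connector(open("server.xml").read(), 26555)`; an empty dict means every listed suite and protocol meets the policy.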