Can we configure tcp/443 Ciphers (TLS Ciphers) in PAM?

Article ID: 252819

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Running the nmap command below to check the supported Ciphers on port tcp/443 in PAM shows weak Ciphers. Can we configure PAM to remove the weak Ciphers?

nmap -sV --script ssl-enum-ciphers -p 443 <IP of PAM>

Environment

Release : 3.4.x, 4.0.x

Resolution

We can disable TLSv1.0 and v1.1 to remove the Ciphers related to those TLS versions.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=Y1Sf+SHUKjau/N/kOIBGGw==

However, the tcp/443 Ciphers cannot be configured in PAM 3.4.x or 4.0.x. The Ciphers can be configured from PAM 4.1.1 onward. Please refer to the documentation below:

Enable or Disable TLS Ciphers

Please upgrade to PAM 4.1.1 to address this issue.
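
To check what disabling TLSv1.0 and v1.1 changes, the ssl-enum-ciphers output can be reviewed with a short script. This is an added example, not part of the original article or the product documentation: it reports legacy protocol versions still offered and, separately, weak ciphers that remain on the other versions. The sample output is constructed, and treating every grade other than A as weak is this example's assumption.

```python
import re

# Constructed sample in the layout nmap's ssl-enum-ciphers script prints;
# it is not output captured from a PAM appliance.
SAMPLE = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|_  least strength: C
"""

PROTO = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER = re.compile(r"^\|\s+(\S+)\s+(?:\(.*?\)\s+)?-\s+([A-F])\s*$")
# Assumption of this example: these versions count as legacy, grade != A as weak.
LEGACY = {"SSLv3", "TLSv1.0", "TLSv1.1"}

def parse(text):
    """Return {protocol: [(cipher, grade), ...]} from ssl-enum-ciphers output."""
    result, current = {}, None
    for line in text.splitlines():
        m = PROTO.match(line)
        if m:
            current = m.group(1)
            result[current] = []
            continue
        m = CIPHER.match(line)
        if m and current:
            result[current].append((m.group(1), m.group(2)))
    return result

def review(text):
    """Return (legacy protocols offered, weak ciphers on the other protocols)."""
    parsed = parse(text)
    legacy = sorted(p for p in parsed if p in LEGACY)
    weak = sorted((p, c, g) for p, cs in parsed.items() if p not in LEGACY
                  for c, g in cs if g != "A")
    return legacy, weak

if __name__ == "__main__":
    print(review(SAMPLE))
```

An empty first list after the change confirms TLSv1.0 and v1.1 are no longer offered; entries in the second list are ciphers that disabling those versions does not remove.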