JMX Console Weak SSL/TLS Key Exchange Vulnerability

Article ID: 267120

Products

CA Release Automation - Release Operations Center (Nolio)

Issue/Introduction

We have the notification of the Weak SSL/TLS Key Exchange vulnerability for the Nolio JMX console (port 20203).

We do not want to disable the JMX console.

Could you please suggest how to fix it?

Environment

Release: 6.7

Resolution

To address this vulnerability, open <RA_HOME>/jre/lib/security/java.security, set the jdk.tls.disabledAlgorithms property to the value below, and restart the CARA services.

jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1, SSLv3, RC4, DES, MD5withRSA, RSA keySize < 2048, DH keySize < 2048, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_3DES
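
An added example, not part of the original article or the product: a Python check that reads java.security content the way Java loads it (backslash continuations, last definition wins) and reports which of the article's protocol, algorithm and key-size entries are missing from jdk.tls.disabledAlgorithms. The function names and both sample file contents are constructed for illustration, and the check does not cover the named DHE cipher suites.

```python
import re

# Non-suite entries from the article's value that must be present verbatim.
REQUIRED = {"TLSv1", "TLSv1.1", "SSLv3", "RC4", "DES", "MD5withRSA",
            "3DES_EDE_CBC", "anon", "NULL"}

def read_property(text, key):
    """Last definition of `key`, with backslash continuations joined."""
    value, lines, i = None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].lstrip()
        i += 1
        if not line or line[0] in "#!":      # blank or comment line
            continue
        while line.endswith("\\") and i < len(lines):
            line = line[:-1] + lines[i].lstrip()
            i += 1
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == key:
            value = m.group(2)               # a later definition overrides
    return value

def audit(text):
    """Return findings; an empty list means the hardening is in place."""
    raw = read_property(text, "jdk.tls.disabledAlgorithms")
    if raw is None:
        return ["jdk.tls.disabledAlgorithms is not set"]
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    findings = [f"missing entry: {e}" for e in sorted(REQUIRED - set(entries))]
    for alg in ("RSA", "DH"):                # key-size floors from the article
        sizes = [int(m.group(1)) for e in entries
                 if (m := re.fullmatch(rf"{alg}\s+keySize\s*<\s*(\d+)", e))]
        if not sizes or max(sizes) < 2048:
            findings.append(f"{alg} keySize floor below 2048")
    return findings

# Constructed sample: a weaker value, as a file might look before the change.
WEAK = r"""# constructed sample
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
"""
# Constructed sample: the non-suite part of the article's value.
HARDENED = r"""jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1, SSLv3, RC4, DES, \
    MD5withRSA, RSA keySize < 2048, DH keySize < 2048, EC keySize < 224, \
    3DES_EDE_CBC, anon, NULL
"""
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

To audit a real installation, pass the text of <RA_HOME>/jre/lib/security/java.security to audit(); because the last definition wins, a stale duplicate of the property further down the file is reported as if the change had never been made.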