Our vulnerability management system raised a vulnerability in the CloudProxy servers with the following recommended solution:
Disable any weak HMAC algorithms within the TLS configuration
FYI, on verifying the Cloud Proxy config, the parameter is set as:
There are two ways to resolve this:
2) To enforce TLS 1.3 communication between Cloud Proxy and DX APM SaaS, configure the value of parameter to TLSv1.2 or TLSv1.3
Cloud Proxy doesn't have any external configuration to enable or disable cipher suites.
The following settings resulted in a successful rescan. After the rescan, the weak cipher vulnerabilities are gone.
# Protocols enabled for encrypted incoming connections (agent side)
# Protocols enabled for encrypted outgoing connections (SaaS side)
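The rescan described above can also be checked by hand. The following is an added example, not part of the original article or the product's tooling: it attempts one handshake per TLS protocol version against a listener and reports whether the negotiated suite uses a weak MAC. The host and port are supplied by the operator, and treating HMAC-MD5 and HMAC-SHA1 as the "weak HMAC algorithms" is an assumption about what the scanner flags.

```python
import socket
import ssl
import sys

# Assumption: the scanner's "weak HMAC" means HMAC-MD5 and HMAC-SHA1, which
# OpenSSL-style suite names (as returned by SSLSocket.cipher()) end with.
WEAK_MAC_SUFFIXES = ("-MD5", "-SHA")
AEAD_TAGS = ("GCM", "CCM", "POLY1305")
VERSIONS = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def mac_is_weak(cipher_name, protocol):
    """True when the suite protects records with HMAC-MD5 or HMAC-SHA1."""
    name = cipher_name.upper()
    # TLS 1.3 and AEAD suites have no HMAC; their trailing hash is the PRF/HKDF hash.
    if protocol == "TLSv1.3" or any(tag in name for tag in AEAD_TAGS):
        return False
    return name.endswith(WEAK_MAC_SUFFIXES)


def probe(host, port, version, timeout=5.0):
    """Handshake pinned to one protocol version; (protocol, cipher) or None."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # probing protocol support only,
        ctx.verify_mode = ssl.CERT_NONE  # not authenticating the peer
        ctx.minimum_version = ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, protocol, _bits = tls.cipher()
                return protocol, name
    except (OSError, ValueError):
        # Refused by the server, or this client's OpenSSL build/policy does
        # not offer the version; confirm a None with a second client.
        return None


def audit(host, port):
    """Map each protocol version to None (rejected) or (cipher, weak_mac)."""
    report = {}
    for version in VERSIONS:
        hit = probe(host, port, version)
        report[version.name] = hit and (hit[1], mac_is_weak(hit[1], hit[0]))
    return report


if __name__ == "__main__" and len(sys.argv) == 3:
    for proto, result in audit(sys.argv[1], int(sys.argv[2])).items():
        print(proto, result or "rejected")
```

Each probe shows only the suite the server selects for this client's offer, so it confirms protocol restrictions but is not a full enumeration of the suites the listener accepts.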