How to disable specific ciphers in a Virtual Appliance environment
Article ID: 275168

Updated On:

Products

CA Identity Suite, CA Identity Manager

Issue/Introduction

How can the cipher suites listed below be disabled in a Virtual Appliance environment for ports 20411 and 22002?

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Environment

Virtual Appliance 14.4.2

Resolution

As described in the documentation, you need to edit the file "/opt/CA/VirtualAppliance/custom/java.conf":

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-4/virtual-appliance/configuring-virtual-appliance.html


Add the following line to the java.conf file. The whole setting must stay on a single line: do not split it across lines or let an editor wrap it, and do not add a second jdk.tls.disabledAlgorithms line.

jdk.tls.disabledAlgorithms=TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, DHE_RSA_WITH, anon, NULL, include jdk.disabled.namedCurves


Note:

After saving the java.conf file you must reboot the Virtual Appliance machine; stopping and restarting the services alone will not apply the change.
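As an added check before the reboot (this script is not part of the Broadcom article or the product), the following Python validates the java.conf edit: it parses the file as plain key=value lines, confirms that jdk.tls.disabledAlgorithms occurs exactly once, flags any line that looks like the wrapped tail of the list, and confirms that every one of the ten suites from the question is present. The file path, the key name and the setting line come from the article; the assumption that java.conf is a simple key=value file, and the sample contents, are mine.

```python
# Added example: validate the jdk.tls.disabledAlgorithms edit in java.conf
# before rebooting the Virtual Appliance. Not part of the Broadcom article.
import re
from typing import Dict, List

KEY = "jdk.tls.disabledAlgorithms"
DEFAULT_PATH = "/opt/CA/VirtualAppliance/custom/java.conf"  # path from the article

# The ten suites the question asks to disable on ports 20411 and 22002.
REQUIRED_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
]

# Constructed sample file: a comment plus the exact line from the article.
SAMPLE_CONF = (
    "# custom JVM settings\n"
    "jdk.tls.disabledAlgorithms=TLS_RSA_WITH_AES_128_CBC_SHA, "
    "TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, "
    "TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, "
    "TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSLv3, TLSv1, TLSv1.1, RC4, DES, "
    "MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, DHE_RSA_WITH, "
    "anon, NULL, include jdk.disabled.namedCurves\n"
)

# A line with no '=' that starts with a suite name is almost certainly the tail
# of a setting that an editor wrapped onto a second line (heuristic: it will not
# catch a wrap that lands on a short token such as RC4).
_FRAGMENT = re.compile(r"^\s*(TLS_|SSL_)[A-Z0-9_]+")


def parse_java_conf(text: str) -> Dict[str, List[str]]:
    """Parse key=value lines; keep every occurrence so duplicate keys stay visible."""
    props: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props.setdefault(key.strip(), []).append(value.strip())
    return props


def split_entries(value: str) -> List[str]:
    """Split the comma-separated list; entries such as 'DH keySize < 1024' keep their spaces."""
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def find_wrapped_fragments(text: str) -> List[int]:
    """Return 1-based numbers of lines that look like a wrapped continuation of the list."""
    return [
        n for n, raw in enumerate(text.splitlines(), start=1)
        if "=" not in raw and _FRAGMENT.match(raw)
    ]


def check_disabled_algorithms(text: str) -> List[str]:
    """Return the problems found; an empty list means the file is ready for the reboot."""
    problems: List[str] = []
    for n in find_wrapped_fragments(text):
        problems.append(f"line {n} has no '=' and looks like a wrapped fragment of the list")
    values = parse_java_conf(text).get(KEY, [])
    if not values:
        problems.append(f"{KEY} is not set")
        return problems
    if len(values) > 1:
        problems.append(f"{KEY} appears {len(values)} times; keep only one line")
    present = set()
    for value in values:
        present.update(split_entries(value))
    for suite in REQUIRED_SUITES:
        if suite not in present:
            problems.append(f"{suite} is not in {KEY}")
    return problems


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    with open(path, encoding="utf-8") as fh:
        issues = check_disabled_algorithms(fh.read())
    for issue in issues:
        print("PROBLEM:", issue)
    sys.exit(1 if issues else 0)
```

Run it against a copy of java.conf on any host with Python 3; a non-zero exit means the file needs another look before the reboot. After the reboot, confirm from a separate client that a TLS handshake offering only one of the removed suites no longer completes on ports 20411 and 22002, since the file check only proves the intent was written correctly, not that the running JVM picked it up.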