How to disable weak ciphers on cloud proxies

Article ID: 324155

Updated On:

Products

VMware Aria Suite
VMware Aria Operations (formerly vRealize Operations) 8.x

Issue/Introduction

Security software checks/scans detect weak ciphers on the Cloud Proxy in Aria Operations 8.12.x and later.

Environment

VMware Aria Operations 8.12.x
VMware vRealize Operations 8.x

Cause

Certain security software will flag weak ciphers in Aria Operations, but this should not impact any major function in the application.

However, if there is a CVE associated with the issue, open a service request to correct the problem.

Resolution

Important: Take snapshots of each of the VMware Aria Operations nodes before applying any of the steps below. See: How to take a Snapshot of VMware Aria Operations

1. Open an SSH session as root to the cloud proxy.

2. Edit the file located at:

/usr/lib/vmware-vrops-cprc/etc/httpd-south/httpd.conf

3. Locate the line:

SSLCipherSuite HIGH:!aNULL!ADH:!EXP:!MD5:!3DES:!CAMELLIA:!PSK:!SRP:!DH:!AES256-GCM-SHA384:!AES256-SHA256:!AES256-SHA:!AES128-GCM-SHA256:!AES128-SHA256:!AES128-SHA:@STRENGTH

Replace it with:

SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384

4. Edit the file:

/etc/httpd-south/httpd.conf

Locate and replace the same line mentioned in step 3.

5. Restart the httpd-south service with the command:

service httpd-south restart

6. Repeat these steps for all required cloud proxies.
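
Steps 2 through 5 as a script, added here as an example (not VMware's own tooling): it backs up each httpd.conf, rewrites every active SSLCipherSuite directive to the value from step 3, leaves an already-corrected file untouched, and restarts httpd-south. The function names, the --apply switch and the script name are assumptions of this example; the paths, cipher string and restart command are taken from the steps above.

```sh
#!/bin/sh
# Added example: applies steps 2-5 of this article on one cloud proxy.
# Run as root:  sh set-cipher-suite.sh --apply   (script name is hypothetical)

# Replacement value and file paths are copied from the article.
NEW_SUITE='ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'
CONF_FILES='/usr/lib/vmware-vrops-cprc/etc/httpd-south/httpd.conf /etc/httpd-south/httpd.conf'

# Print the value of every active (uncommented) SSLCipherSuite directive.
active_cipher_suites() {
    sed -n -E 's/^[[:space:]]*SSLCipherSuite[[:space:]]+//p' "$1"
}

# Rewrite every active SSLCipherSuite line in FILE to NEW_SUITE.
# Returns 0 on success or if already set, 1 on I/O error, 2 if no directive found.
set_cipher_suite() {
    conf=$1
    [ -f "$conf" ] || { echo "missing file: $conf" >&2; return 1; }
    [ -n "$(active_cipher_suites "$conf")" ] || {
        echo "no active SSLCipherSuite in $conf" >&2; return 2; }
    tmp=$(mktemp) || return 1
    sed -E "s|^([[:space:]]*)SSLCipherSuite[[:space:]].*|\1SSLCipherSuite $NEW_SUITE|" \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$conf" "$tmp"; then        # already corrected: leave file untouched
        rm -f "$tmp"; return 0
    fi
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf"                  # overwrite in place, keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

if [ "${1:-}" = "--apply" ]; then
    for f in $CONF_FILES; do
        set_cipher_suite "$f" || exit 1   # stop before the restart on any failure
        echo "$f: $(active_cipher_suites "$f")"
    done
    service httpd-south restart
fi
```

If httpd-south does not come back up after the restart, copy the timestamped httpd.conf.bak.* file back over httpd.conf and restart again.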