security software checks/scans detecting weak ciphers in Cloud Proxy Aria Operations 8.12x and later.
certain security software will flag weak ciphers in Aria Operations, but this should not be impacting any major function in the application.
However, if there is a CVE associated with the issue, open a service request to correct the problem.
Important: Take snapshots of each of the VMware Aria Operations nodes before applying any of the steps below How to take a Snapshot of VMware Aria Operations
1. Open ssh session as root to cloud proxy
2. Edit the file locate:
/usr/lib/vmware-vrops-cprc/etc/httpd-south/httpd.conf
3 . Locate the line:
SSLCipherSuite HIGH:!aNULL!ADH:!EXP:!MD5:!3DES:!CAMELLIA:!PSK:!SRP:!DH:!AES256-GCM-SHA384:!AES256-SHA256:!AES256-SHA:!AES128-GCM-SHA256:!AES128-SHA256:!AES128-SHA:@STRENGTH
replace with:
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
4. Edit the file:
/etc/httpd-south/httpd.conf
locate and replace the same line mentioned in step 3
5. Restart the httpd-south service with the command
service httpd-south restart
6. Repeat these steps for all required cloud proxies