By default, the postgres database on vRealize Automation 7.2.0 is configured to accept some NULL SSL ciphers on port 5432. This article provides steps to disable NULL ciphers.
Schedule a change window to implement the change to prevent database updates during the outage.
Take a backup of the vRealize Automation environment.
Adjust the ssl_ciphers on all vRealize Automation appliance nodes in the cluster.
Connect to the appliance through console or SSH.
Navigate to /storage/db/pgdata/
cd /storage/db/pgdata/
Edit postgresql.conf with a text editor.
Adjust the ssl_ciphers to the following:
ssl_ciphers = 'TLSv1.2:!aNULL:!eNULL'
If the database is not in use, run the below command to restart the service on all appliances:
service vpostgres restart
Note: You can also restart the appliance to prevent local vRealize Automation and vRealize Orchestrator services from attempting to interact with the database while it is unavailable.
Additional Information
Note: By default, the option ssl_ciphers appears twice in the postgresql.conf on vRealize Automation 7.2: once in the comments and once in the CUSTOMIZED OPTIONS options section. If multiple occurrences are enabled in the file, the last occurrence will take precedence and you might not notice any changes to the behavior. For best results, confirm that there is only a single occurrence is enabled and that it is configured correctly.