Disabling SSL in NFA

book

Article ID: 37220

calendar_today

Updated On:

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

Symptoms: 

Vulnerability scans have found that your CA Network Flow Analysis reporter console server has SSL cyphers that are too weak.  You need to disable these SSL versions.

 

Environment:  

All versions of CA Network Flow Analysis up to and including 9.3.0.

 

Cause: 

In CA Network Flow Analysis 9.3.0, the embedded Java version is 1.6u45.  SSLv3 was not disabled until Java 1.6u91.

 

Resolution/Workaround:

Upgrade to at least CA Network Flow Analysis 9.3.1 to upgrade your embedded Java version to disable SSLv3 and use TLS versions with stronger cyphers.

 

 

Additional Information:

Starting in CA Network Flow Analysis 9.3.1, the embedded Java version is 1.7u76.  SSLv3 is disabled in Java 1.6u91 and all later versions.

Note: Upgrading the embedded Java version is unsupported unless performed as part of an CA Network Flow Analysis upgrade.

 

 

Environment

Release: RAIB1H99000-9.3-Network Flow Analysis-Interface Bundle-Hardware
Component: