Introduction:
A security scan shows that EEM is allowing SSL/TLS and RC4 communication.
Port 509 is used for communication between the EEM Server and CA Directory.
The default cipher suite for CA Directory allows RC4.
Question:
How can I remove RC4 vulnerability from the configuration?
Environment:
CA EEM 12.x on Windows/Unix/Linux platforms.
Answer:
1. You must modify file "itechpoz.dxc" located in
2. Add the following parameter in itechpoz.dxc to disable the RC4 cipher suites.
cipher = "ALL:!ADH:!DES:!LOW:!EXPORT40:!RC4"
The itechpoz.dxc file would look like this after adding the above parameter:
set ssl = {
cert-dir = "config/ssld/personalities"
ca-file = "config/ssld/itechpoz-trusted.pem"
cipher = "ALL:!ADH:!DES:!LOW:!EXPORT40:!RC4"
protocol = tls
};
3. Recycle dxserver.
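To confirm the edit before recycling dxserver, the following added example (not part of the original article or of CA EEM) parses the "set ssl" block and reports whether RC4 is explicitly disabled. The function names and sample texts are constructed for illustration, and the code assumes the cipher value follows the OpenSSL-style list syntax used in the string above.

```python
import re

# Constructed samples that mirror the "set ssl" block shown above.
FIXED = '''set ssl = {
cert-dir = "config/ssld/personalities"
ca-file = "config/ssld/itechpoz-trusted.pem"
cipher = "ALL:!ADH:!DES:!LOW:!EXPORT40:!RC4"
protocol = tls
};
'''
DEFAULT = FIXED.replace('cipher = "ALL:!ADH:!DES:!LOW:!EXPORT40:!RC4"\n', '')
WEAK = FIXED.replace(':!RC4', ':-RC4')


def parse_ssl_block(text):
    """Return {name: value} for the parameters inside `set ssl = { ... };`."""
    block = re.search(r'set\s+ssl\s*=\s*\{(.*?)\}\s*;', text, re.S)
    if block is None:
        return None
    params = {}
    for line in block.group(1).splitlines():
        m = re.match(r'\s*([A-Za-z][\w-]*)\s*=\s*"?([^"]*?)"?\s*$', line)
        if m:  # blank lines and lines starting with '#' do not match
            params[m.group(1)] = m.group(2)
    return params


def audit(text):
    """Return a list of findings; an empty list means RC4 is explicitly disabled."""
    params = parse_ssl_block(text)
    if params is None:
        return ['no "set ssl" block found']
    cipher = params.get('cipher')
    if cipher is None:
        return ['no cipher parameter: the default cipher suite allows RC4']
    # Assumption: OpenSSL-style list, items separated by ':', ',' or space.
    tokens = [t for t in re.split(r'[:, ]+', cipher) if t]
    if '!RC4' in tokens:
        return []
    if '-RC4' in tokens:
        return ['"-RC4" can be undone by a later item; use "!RC4" instead']
    return ['cipher string has no "!RC4" exclusion']


if __name__ == '__main__':
    for name, text in (('fixed', FIXED), ('default', DEFAULT), ('weak', WEAK)):
        print(name, audit(text) or 'OK')
```

To check a real file, pass its contents to `audit()`; an empty result only shows that the setting is present, so a rescan of port 509 after the recycle is still the confirmation that counts.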
Additional Information:
You can check the following link to understand the syntax of the cipher string ("ALL:!ADH:!DES:!LOW:!EXPORT40:!RC4")