Disable ARIA and CCM ciphers in VMware Aria Operations
search cancel

Disable ARIA and CCM ciphers in VMware Aria Operations

book

Article ID: 392664

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

ARIA and CCM ciphers are non-compliant with your security requirements and need to be removed from use by the product.

The ciphers to remove are:

ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ARIA128-GCM-SHA256
ARIA256-GCM-SHA384
ECDHE-RSA-ARIA128-GCM-SHA256
ECDHE-RSA-ARIA256-GCM-SHA384
AES128-CCM
AES256-CCM

Environment

VMware Aria Operations 8.16.x
VMware Aria Operations 8.17.x
VMware Aria Operations 8.18.x

Resolution

Before implementing the steps below, use the steps in How to take a Snapshot of VMware Aria Operations

  1. Log in to the primary node as root via SSH or vSphere console

  2. Run the command below to update the cipher suites
    sed -i 's/^SSLCipherSuite .*/SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256/' /usr/lib/vmware-vcopssuite/utilities/conf/vcops-apache.conf
  3. Run the command below to reload the httpd config
    systemctl reload httpd
  4. Repeat steps 1-3 on all remaining primary replica and data nodes in the cluster.

Additional Information

The ciphers will be removed permanently from a future version of VMware Aria Operations.

Powered by Wolken Software