CA Directory Vulnerability TLS/SSL Server Supports The Use of Static Key Ciphers



Article ID: 395390


Products

CA Directory

Issue/Introduction

Using the Nexpose scanning tool, the security team detected the vulnerability below:

TLS/SSL Server Supports The Use of Static Key Ciphers


Environment

CA Directory 14.1 SP6

Resolution

A fix is available to address this vulnerability.

A new configuration parameter, DXAGENT_SERVER_CIPHERS, has been added. Set it in the DXHOME/dxagent/dxagent_config.py file to define the ciphers that DxAgent's TLS server is allowed to use.

To test the fix, follow the steps below.

1) Take a backup of the DXHOME/dxagent/dxagent_default_config.py and DXHOME/dxagent/dxagent_cp_engine.py files.
2) Stop the DxAgent.
3) Copy the provided testfix files dxagent_default_config.py and dxagent_cp_engine.py to the DXHOME/dxagent folder.

Add the new configuration variable DXAGENT_SERVER_CIPHERS, set to the ciphers you want DxAgent to use, to the DXHOME/dxagent/dxagent_config.py file. The value is an OpenSSL cipher list string; for details of the format and the available ciphers, check the Python ssl module documentation.

Below is only a sample used for testing, in which DXAGENT_SERVER_CIPHERS is set to a list of ECDHE cipher suites:

DXAGENT_SERVER_CIPHERS = 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'

Note:

You need to set the ciphers you require in DXAGENT_SERVER_CIPHERS. If DXAGENT_SERVER_CIPHERS is not set, the DxAgent uses the default ciphers enabled by Python.
The configuration parameter DXAGENT_SERVER_CIPHERS should be added only to the DXHOME/dxagent/dxagent_config.py file.

4) Start the DxAgent and test the DxAgent functionality.
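The following added example is not part of the article or of the DxAgent code; it shows how a Python TLS server applies a cipher list such as DXAGENT_SERVER_CIPHERS through the standard ssl module, and how to check which suites OpenSSL actually enables for that string before restarting the service. It resolves the article's sample value, a constructed weak list that still contains static-RSA key-exchange suites (the condition the scanner reports), and the Python default that applies when the parameter is left unset. The function names, the STATIC_KEY_EXAMPLE string and the assumption that DxAgent builds its server context with SSLContext.set_ciphers are the author's own, not CA Directory's.

```python
import ssl

# Sample value from the article above (a test example, not a recommended
# production list); every suite in it uses ECDHE key exchange.
DXAGENT_SERVER_CIPHERS = (
    'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:'
    'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:'
    'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:'
    'ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:'
    'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
)

# Constructed example (not from the article) of a cipher string that a
# scanner would still flag: the first two suites use static RSA key
# exchange, so the server's long-term key protects every session and
# there is no forward secrecy.
STATIC_KEY_EXAMPLE = (
    'AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256'
)

# Key-exchange labels that Python's ssl module reports (via
# SSLContext.get_ciphers) for suites that rely on a static long-term key.
STATIC_KEY_EXCHANGE = {'kx-rsa', 'kx-rsa-psk'}


def server_context(cipher_string=None):
    """Build a TLS server context the way a Python service would, applying
    cipher_string when it is set. With None, the context keeps whatever
    ciphers this Python/OpenSSL build enables by default, which mirrors
    the article's note about an unset DXAGENT_SERVER_CIPHERS."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if cipher_string:
        # Raises ssl.SSLError if no suite in the string is available.
        ctx.set_ciphers(cipher_string)
    return ctx


def enabled_ciphers(cipher_string=None):
    """Suites OpenSSL actually enables for cipher_string, as the dicts
    returned by SSLContext.get_ciphers() (name, protocol, kea, ...)."""
    return server_context(cipher_string).get_ciphers()


def static_key_ciphers(cipher_string=None):
    """Names of the enabled suites that use static key exchange. An empty
    list means the cipher list no longer matches the scanner finding."""
    return [c['name'] for c in enabled_ciphers(cipher_string)
            if c.get('kea') in STATIC_KEY_EXCHANGE]


def has_forward_secrecy_only(cipher_string=None):
    """True when every enabled suite uses ephemeral key exchange
    (ECDHE/DHE, or a TLS 1.3 suite, which is always ephemeral)."""
    return not static_key_ciphers(cipher_string)


if __name__ == '__main__':
    for label, value in (('article sample', DXAGENT_SERVER_CIPHERS),
                         ('constructed weak list', STATIC_KEY_EXAMPLE),
                         ('Python default (parameter unset)', None)):
        print(f'{label}:')
        for c in enabled_ciphers(value):
            print(f"  {c['name']:<32} {c['protocol']:<8} {c.get('kea')}")
        print('  static-key suites:', static_key_ciphers(value) or 'none')
```

Run the script on the host where DxAgent is installed so that the check uses the same OpenSSL build the agent links against; the list printed for the unset case is exactly what the agent offers when DXAGENT_SERVER_CIPHERS is missing from dxagent_config.py. TLS 1.3 suites appear in the output regardless of the string, since set_ciphers only governs TLS 1.2 and earlier, and they are reported with kea 'kx-any' because their key exchange is always ephemeral.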

Additional Information

A hotfix (HF) for the production server is available.

Reference Defect: DE630243