Weak ciphers were detected on TCP port 8443

Article ID: 51271

Updated On:

Products

SECURITY MISC CODES SINGLE SIGN ON - LEGACY CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

Description:

Third-party utilities used to assess SSL strength may report that CA Audit is using a weak SSL cipher on TCP port 8443.

Solution:

TCP port 8443 is used by Tomcat. CA Audit R8SP2 uses Tomcat 5.0.28. In Tomcat 4 and above, you can configure server.xml and specify a stronger cipher suite.

To do this:

  1. Stop the "eTrust Audit Web Service" service.

  2. Open x:\Program Files\CA\eTrust Audit\jakarta-tomcat-5.0.28\conf\server.xml in Notepad.

  3. Add a "ciphers" attribute to the Connector section, specifying a strong cipher, e.g.:
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector" ...... clientAuth="false" protocol="TLS" ciphers="SSL_RSA_WITH_RC4_128_SHA" ...... </Connector>

  4. Start the "eTrust Audit Web Service" service.

Note: The cipher SSL_RSA_WITH_RC4_128_SHA is only a sample; specify the cipher suites you require. For more information, refer to the Tomcat website.
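The following is an added example, not code from CA or Tomcat: a check of the setting this article changes, listing each SSL connector's `ciphers` value in a server.xml and flagging suites whose names indicate a weak algorithm. The marker list, the `scheme`/`secure` test for SSL connectors and the sample XML are assumptions constructed for illustration; RC4 suites, including the sample value in step 3, are flagged because RFC 7465 prohibits RC4 in TLS.

```python
import xml.etree.ElementTree as ET

# Name fragments that mark a weak JSSE suite (this checker's own list, an assumption).
WEAK_MARKERS = {
    "_RC4_": "RC4 (prohibited in TLS by RFC 7465)",
    "_DES_": "single DES, 56-bit key",
    "_DES40_": "40-bit export DES",
    "_3DES_": "3DES, 64-bit block",
    "_EXPORT_": "export-grade key length",
    "_NULL_": "no encryption",
    "_anon_": "unauthenticated key exchange",
    "_MD5": "MD5 MAC",
}

# Constructed sample; a real server.xml carries more attributes per Connector.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA" />
  <Connector port="9443" scheme="https" secure="true" />
</Service></Server>"""


def audit_connectors(server_xml_text):
    """Return (port, suite_or_None, reason) findings for each SSL connector."""
    findings = []
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        is_ssl = conn.get("secure", "").lower() == "true" or conn.get("scheme") == "https"
        if not is_ssl:
            continue  # plain HTTP/AJP connector: no cipher list applies
        port = conn.get("port", "?")
        ciphers = conn.get("ciphers")
        if not ciphers:
            # Without the attribute the server accepts any cipher it has available.
            findings.append((port, None, "no ciphers attribute set"))
            continue
        for suite in (s.strip() for s in ciphers.split(",")):
            for marker, reason in WEAK_MARKERS.items():
                if marker in suite:
                    findings.append((port, suite, reason))
    return findings


if __name__ == "__main__":
    for port, suite, reason in audit_connectors(SAMPLE):
        print(f"port {port}: {suite or '(default cipher list)'} -> {reason}")
```

To check a real installation, pass the contents of the server.xml from step 2 to `audit_connectors` after editing and before restarting the service.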

Environment

Release:
Component: ADTCTL