ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Weak cipher were detected on TCP port 8443


Article ID: 51271


Updated On:


CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting



Third party utilities used to assess the strength of SSL may reveal that CA Audit is using a weak SSL cipher on TCP port 8443.


TCP port 8443 is used by Tomcat. CA Audit R8SP2 uses Tomcat 5.0.28. In Tomcat 4 and above, you can configure server.xml and specify a stronger cipher suite.

To do this:

  1. Stop eTrust Audit Web Service

  2. Open x:\Program Files\CA\eTrust Audit\jakarta-tomcat-5.0.28\conf\server.xml in nodepad

  3. Add a line "ciphers" in connector section with strong cipher specified: i.e.
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"......clientAuth="false" protocol="TLS"ciphers="SSL_RSA_WITH_RC4_128_SHA"......</Connector>
  4. Start Audit "eTrust Audit Web Service" service.

Note: The cipher SSL_RSA_WITH_RC4_128_SHA is just a sample, you can specify yours. For more information please refer to Tomcat website.


Component: ADTCTL