Description:

Third party utilities used to assess the strength of SSL may reveal that CA Audit is using a weak SSL cipher on TCP port 8443.

Solution:

TCP port 8443 is used by Tomcat. CA Audit R8SP2 uses Tomcat 5.0.28. In Tomcat 4 and above, you can configure server.xml and specify a stronger cipher suite.

To do this:

1. Stop eTrust Audit Web Service
   
   
2. Open x:\Program Files\CA\eTrust Audit\jakarta-tomcat-5.0.28\conf\server.xml in nodepad
   
   
3. Add a line "ciphers" in connector section with strong cipher specified: i.e.

   <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"......clientAuth="false" protocol="TLS"ciphers="SSL_RSA_WITH_RC4_128_SHA"......</Connector>

4. Start Audit "eTrust Audit Web Service" service.

Note: The cipher SSL_RSA_WITH_RC4_128_SHA is just a sample, you can specify yours. For more information please refer to Tomcat website.