Disable Secure Communications

Article ID: 71679

Products

CA Release Automation - Release Operations Center (Nolio)
CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction



The Security Team has determined that the RA Management Server is using old versions of SSH and TLS protocols through Tomcat. How can we disable the TLS v1.x protocols?

 

Environment

Release: 6.x
Component: RAROC

Resolution

Version 6.7.6 and later:

The information for versions earlier than 6.7.6 still applies. However, the structure of the Connector XML (inside server.xml) has changed slightly. In 6.7.6, the protocols used are specified in the protocols attribute of the SSLHostConfig element.

 

Versions earlier than 6.7.6:

By default, Tomcat runs with "TLSv1.2,TLSv1.1,TLSv1" enabled.

You can disable the protocols you do not need in the server.xml file located in the RA_HOME\conf directory.

Search for the following connector on port 8443:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    compression="on"
    compressionMinSize="102400"
    compressableMimeType="application/x-java-serialized-object"
    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    clientAuth="false"
    sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
    keyAlias="nolioserver"
    keystoreFile="conf/nolio.jks"
    keystorePass="n0L10~28307"
    maxSwallowSize="-1">
</Connector>

If you want to force Tomcat to use only TLSv1.2, change the enabled protocols to:

sslEnabledProtocols="TLSv1.2"

Then restart the RA service.

You have to do this on the NAC and NES.
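
To confirm the edit on each server, the following added example (not part of the original article or the product) audits a server.xml for HTTPS connectors that still enable protocols older than TLSv1.2. It checks both the sslEnabledProtocols attribute on the Connector and the protocols attribute on SSLHostConfig. The sample XML, including the port 9443 connector, is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Protocol names that should not remain enabled once only TLSv1.2 is wanted.
# "all" is flagged because it re-enables every protocol Tomcat knows about.
WEAK = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "all"}

# Constructed sample: 8443 uses the pre-6.7.6 layout, 9443 the 6.7.6+ layout.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig protocols="TLSv1.2"/>
  </Connector>
</Service></Server>"""

def enabled_protocols(value):
    """Split a Tomcat protocol list; a '+' prefix adds a name, '-' removes it."""
    names = set()
    for token in value.split(","):
        token = token.strip()
        if not token or token.startswith("-"):
            continue
        names.add(token.lstrip("+"))
    return names

def audit_server_xml(xml_text):
    """Return (port, attribute, weak protocol names) for each HTTPS connector."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no TLS settings to check
        # Pre-6.7.6 layout: attribute on the Connector itself.
        sources = [("sslEnabledProtocols", conn.get("sslEnabledProtocols"))]
        # 6.7.6+ layout: protocols attribute on nested SSLHostConfig elements.
        sources += [("protocols", host.get("protocols"))
                    for host in conn.iter("SSLHostConfig")]
        for attr, value in sources:
            if value is None:
                continue
            weak = sorted(enabled_protocols(value) & WEAK)
            if weak:
                findings.append((conn.get("port"), attr, weak))
    return findings

if __name__ == "__main__":
    for port, attr, weak in audit_server_xml(SAMPLE):
        print(f"port {port}: {attr} still enables {', '.join(weak)}")
```

To audit a real installation, pass the contents of the server.xml from the conf directory to audit_server_xml on both the NAC and the NES; an empty result means no older protocol is explicitly enabled.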