A security scan of the Spectrum OneClick server shows the following vulnerability: SSL Weak Cipher Supported

Document ID : KB000049283
Last Modified Date : 14/02/2018

Description:

Retina has detected that the targeted SSL service supports cryptographically weak encryption ciphers. An attacker may be able to leverage weaknesses in the encryption ciphers to gain access to sensitive information.

Solution:

This vulnerability is fixed in Spectrum version 9.2.1 and higher. If you are running a Spectrum version prior to 9.2.1, check $TOMCAT_ROOT/conf/server.xml for the following line:

ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

If this is a scan of the OneClick server only, this vulnerability does not apply.

If the cipher line in server.xml matches the line above, the finding can be ignored. If it differs, change it to match the line above and restart Tomcat. This resolves the finding until you are able to install Spectrum version 9.2.1 or later.
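As an added example, not part of this KB article or of Spectrum itself, the following Python script performs the server.xml comparison described above: it reads the ciphers attribute of every SSL-enabled Tomcat Connector and reports which suites differ from the article's list. The server.xml content is a constructed sample; point the function at the real $TOMCAT_ROOT/conf/server.xml to audit an actual install. Note that the article's list still contains RC4 and 3DES suites, which current scanners flag, so the comparison is against the article's list as given, not a modern baseline.

```python
import xml.etree.ElementTree as ET

# Cipher list the KB article expects in server.xml (copied from the article).
EXPECTED_CIPHERS = (
    "SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,"
    "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,"
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
)

# Constructed sample of a Tomcat server.xml (not from any real install).
# Its HTTPS connector lists one suite not in the expected list and omits
# several that are, so the audit reports a difference.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
        scheme="https" secure="true" sslProtocol="TLS"
        ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA"/>
  </Service>
</Server>
"""


def parse_ciphers(value):
    """Split a ciphers attribute into a set, ignoring whitespace and wrapping."""
    return {c.strip() for c in value.split(",") if c.strip()}


def audit_server_xml(xml_text, expected=EXPECTED_CIPHERS):
    """Return one result per SSL-enabled Connector: port, extra and missing suites."""
    want = parse_ciphers(expected)
    results = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        attr = conn.get("ciphers")  # None means Tomcat uses its JSSE defaults
        have = parse_ciphers(attr) if attr else set()
        results.append({"port": conn.get("port"),
                        "ciphers_attribute_present": attr is not None,
                        "unexpected": sorted(have - want),
                        "missing": sorted(want - have)})
    return results


if __name__ == "__main__":
    for r in audit_server_xml(SAMPLE_SERVER_XML):
        state = "matches" if not (r["unexpected"] or r["missing"]) else "DIFFERS"
        print(f"connector {r['port']}: {state}; extra={r['unexpected']} missing={r['missing']}")
```

To audit a live server, replace SAMPLE_SERVER_XML with the contents of $TOMCAT_ROOT/conf/server.xml; a connector with no ciphers attribute is reported with an empty list and all suites missing, since Tomcat then falls back to the JSSE defaults.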