Can we disable SSLv3, RC4 and all 3DES to avoid known vulnerabilities?

Document ID : KB000100768
Last Modified Date : 11/06/2018
Introduction:
Many applications depend on third-party components in which vulnerabilities are regularly discovered. Avoiding vulnerabilities as they are discovered is an ongoing part of administering computer systems.
Question:
Is there an impact to CA Service Desk Manager in hardening the SSL ciphers by disabling SSLv3, RC4 and 3DES?
Answer:
CA supports the default ciphers that come with the Web Servers and Java 1.8 with the default settings. CA testing did not include any tests for disabling those ciphers, so customers would need to verify that there is no impact via their own regression testing.

If SSLv3, RC4 and 3DES ciphers have been disabled, they may need to be re-enabled before upgrading Service Desk Manager. After the upgrade completes, the ciphers can be disabled again. CA SDM should work as expected with those ciphers disabled since there are no known specific direct dependencies.
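
To record the hardening state before an upgrade and confirm it once the ciphers are disabled again, the Java side can be audited with a short script. This is an added example, not CA code: it assumes the Java hardening is done through the `jdk.tls.disabledAlgorithms` property in the JRE's `java.security` file, which this article does not state, and it does not cover the web server's own cipher configuration.

```python
# Tokens that disable each item named in the article when listed in
# jdk.tls.disabledAlgorithms (matched exactly, which errs toward "not disabled").
REQUIRED = {"SSLv3": "SSLv3", "RC4": "RC4", "3DES": "3DES_EDE_CBC"}
PROP = "jdk.tls.disabledAlgorithms"

def property_value(text, name):
    """Return the last active value of `name` in java.security-style text.

    Handles '#'/'!' comments and backslash line continuations; other
    java.util.Properties escapes are not interpreted (simplification).
    """
    value, pending = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            line, pending = pending + line, None
        elif not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            value = val.strip()  # a later definition overrides an earlier one
    return value

def audit(text):
    """Map each item from the article to True if its token is disabled."""
    value = property_value(text, PROP) or ""
    # Entries may carry constraints ("DH keySize < 768"); keep the name only.
    names = {e.split()[0] for e in value.split(",") if e.strip()}
    return {item: token in names for item, token in REQUIRED.items()}

# Constructed sample, not taken from a real installation.
SAMPLE = """\
# jdk.tls.disabledAlgorithms=SSLv3, RC4, 3DES_EDE_CBC
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, \\
    DH keySize < 768
"""

if __name__ == "__main__":
    for item, ok in audit(SAMPLE).items():
        print(f"{item}: {'disabled' if ok else 'NOT disabled'}")
```

In the constructed sample the commented-out line is ignored, so 3DES is reported as not disabled even though the token appears in the file.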
 
Additional Information:
TLS 1.2 can be enforced across the Service Management solution by following the steps in the links below:

https://docops.ca.com/ca-service-management/17-1/en/integrating/how-to-enable-tls-1-2-with-ca-eem-12-6
https://docops.ca.com/ca-service-management/14-1/en/integrating/how-to-enable-ca-eem-12-6-with-ca-service-management