DevTest Security Vulnerability - SSL v2 and v3 detection

Document ID : KB000112662
Last Modified Date : 31/08/2018
Show Technical Document Details
Issue:
Need to remediate security vulnerability, SSL v2 and v3 detection, on DevTest 10.3  Server. 
Resolution:
1. Add this entry to every .vmoptions file:

-Dhttps.protocols=TLSv1.2

2. Add this properties to the site.properties file of where the Registry is running:

lisa.server.https.cipher.suites=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256

3. Update this file DEVTEST_HOME/jre/lib/java.security, change property to this value:

​jdk.tls.disabledAlgorithms=TLSv1, MD5, SSLv3, SSLv2, DSA, DESede, DES, RSA keySize < 2048

4. Restart all of your DevTest components and re-scan.