How to resolve RC4 ciphers issue and TLS v1 on OVA

Document ID : KB000125180
Last Modified Date : 23/01/2019
Question:
• Port 22 (the SSH port): weak RC4 ciphers.
• Ports 443 and 8443: TLS v1 needs to be disabled.
Environment:
Virtual Appliance 14.2
 
Answer:

For port 22 (SSH), use HF-DE371990-20180627-0001.tar.gpg.
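To check whether the SSH service on port 22 still offers RC4 ciphers, the following added example (not part of the original document or the vendor's tooling) parses the server's SSH_MSG_KEXINIT message and lists any arcfour ciphers in it. The function names, the client identification string and the sample payload are assumptions constructed for illustration.

```python
import socket
import struct

RC4_CIPHERS = {"arcfour", "arcfour128", "arcfour256"}  # RFC 4253, RFC 4345 names

def parse_kexinit(payload):
    """Return the ten name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, 7.1)."""
    if len(payload) < 17 or payload[0] != 20:        # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, []                              # skip type byte + 16-byte cookie
    for _ in range(10):
        if pos + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (n,) = struct.unpack_from(">I", payload, pos)
        raw = payload[pos + 4:pos + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated KEXINIT")
        lists.append(raw.decode("ascii").split(",") if raw else [])
        pos += 4 + n
    return lists

def rc4_offered(payload):
    """RC4 ciphers offered in either direction (name-lists 2 and 3)."""
    lists = parse_kexinit(payload)
    return sorted(RC4_CIPHERS.intersection(lists[2] + lists[3]))

def fetch_kexinit(host, port=22, timeout=5.0):
    """Read the server's first binary packet, expected to be its KEXINIT."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        line = stream.readline()
        while line and not line.startswith(b"SSH-"):  # skip pre-banner lines
            line = stream.readline()
        if not line:
            raise ConnectionError("no SSH version string received")
        sock.sendall(b"SSH-2.0-cipheraudit\r\n")       # hypothetical client id
        length, pad = struct.unpack(">IB", stream.read(5))
        return stream.read(length - 1)[:length - 1 - pad]  # drop random padding

def build_kexinit(name_lists):
    """Build a payload from ten name-lists; used only for the constructed sample."""
    names = (",".join(names).encode("ascii") for names in name_lists)
    body = b"".join(struct.pack(">I", len(s)) + s for s in names)
    return bytes([20]) + bytes(16) + body + b"\x00" + bytes(4)

# Constructed sample: a server that still offers arcfour ciphers.
ENC = ["aes128-ctr", "aes256-ctr", "arcfour256", "arcfour128", "arcfour"]
SAMPLE_KEXINIT = build_kexinit([["diffie-hellman-group14-sha1"], ["ssh-rsa"], ENC, ENC,
                                ["hmac-sha1"], ["hmac-sha1"], ["none"], ["none"], [], []])
```

Against a live appliance, `rc4_offered(fetch_kexinit(host))` should return an empty list once RC4 has been removed from the SSH configuration; `host` is a placeholder for the appliance address.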

For port 8443, there is an https-listener-hardening file that can be edited and set to a value of true, which forces the use of TLS 1.2 instead. There is a separate file for each service under the /opt/CA/VirtualAppliance/custom folder.

For port 443, disabling TLSv1.0 is not supported in version 2.2.15 of httpd, which is the latest version released for CentOS 6 (the base of vApp 14.1 and 14.2). Fixing this issue is on our roadmap for future versions. In the meantime, we advise customers to limit network access to this port to admin workstations only.