Security Scan Discovered Three Vulnerabilities on Port 2010 - DevTest 10.3

Document ID : KB000103615
Last Modified Date : 27/06/2018
Show Technical Document Details
Issue:
The included security report found the following vulnerabilities on Port 2010:

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
SSL Medium Strength Cipher Suites Supported
Cause:
Cipher Suites
Resolution:
Set the below value in the local.properties file of where the Registry is running. 

The general idea is to start with cipher suites designed for RSA and ECDSA keys. 

lisa.server.https.cipher.suites=\ 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\ 
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,\ 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,\ 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,\ 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\ 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,\ 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\ 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,\ 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,\ 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,\ 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\ 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,\ 
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,\ 
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,\ 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,\ 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,\ 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,\ 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 

For more, see https://www.feistyduck.com/library/openssl-cookbook/online/apA-ssl-tls-deployment-best-practices.html 

You will need restart the Registry. 

Re-did scan and this resolved the issue.