Question:
Due to a vulnerability security assessment, we want to disable weak ciphers in SDC.
Answer:
Follow the steps below to disable the AES 128-bit algorithm:
1. cd $JAVA_HOME/jre/lib/security
2. Open the java.security file.
3. Update the jdk.tls.disabledAlgorithms property with the ciphers you want to disable, then restart the SDC service:
   jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
       EC keySize < 224, 3DES_EDE_CBC, anon, NULL,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
4. Run the command below to confirm that the cipher is disabled:
   nmap --script ssl-enum-ciphers -p <port> <SDC hostname or IP>
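
An added example (not part of the original answer, and not vendor code): a shell check that reads java.security using the java.util.Properties line-continuation rules and lists any of the four AES-128 suites from the steps above that are not entries of jdk.tls.disabledAlgorithms. It catches a broken line continuation or a suite name fused with other text before the service is restarted. The function names and the script-argument convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not vendor code): check a java.security file before restarting SDC.

# Print each entry of the effective jdk.tls.disabledAlgorithms value, one per line.
# Follows java.util.Properties rules: a trailing backslash continues the line,
# leading whitespace on the continued line is dropped, the last definition wins.
disabled_entries() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF files
        !cont && /^[ \t]*[#!]/ { next }           # comment line (not inside a continuation)
        {
            line = $0
            if (cont) { sub(/^[ \t]+/, "", line); buf = buf line } else { buf = line }
            if (buf ~ /\\$/) { sub(/\\$/, "", buf); cont = 1; next }
            cont = 0
            if (buf ~ /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*[=:]/) {
                sub(/^[^=:]*[=:][ \t]*/, "", buf); val = buf
            }
        }
        END {
            n = split(val, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }
    ' "$1"
}

# Usage: missing_suites <java.security> <suite>...
# Prints each wanted suite that is not an entry; returns 0 only if none are missing.
missing_suites() {
    file=$1; shift
    entries=$(disabled_entries "$file")
    rc=0
    for suite in "$@"; do
        printf '%s\n' "$entries" | grep -qxF -- "$suite" || { echo "$suite"; rc=1; }
    done
    return $rc
}

# The four AES-128 suites from the steps above.
AES128_SUITES="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"

# When a path is given as the script argument, check that file.
if [ -n "${1:-}" ]; then
    missing_suites "$1" $AES128_SUITES && echo "all four AES-128 suites are disabled"
fi
```

Any suite name it prints is not in effect in the file as saved; a backslash followed by trailing whitespace is the usual cause, because it ends the property value at that line.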
