-
Title
How do we turn off 3DES in the STAT agent? -
Description
We are trying to turn 3DES cipher off in STAT. When the security admin keeps scanning port 8443 using Tenable Security Center(Nessus), he sees 3DES active. The AIX admin updated the /etc/ssh/ssh_config file to read Ciphers aes128-cbc where before it said Cipher 3des. -
Resolution
1. Go to STAT_HOME\app\standalone\configuration. Locate standalone-full.xml. Take a back-up of this file before modification.
2. Locate this line from the standalone-full.xml
<https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm
3. Add this line:
max-post-size="999999999" enabled-cipher-suites="SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256" enabled-protocols="TLSv1.2"/>
4. The changes will look something like this:
<https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm" max-post-size="999999999" enabled-cipher-suites="SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256" enabled-protocols="TLSv1.2"/>
5. Save the file
6. Restart the stat central agent and try to run the scan again
Please go to https://stackoverflow.com/questions/28430149/how-to-enable-certain-cipher-suites-in-wildfly for more information of how to enable ciphers.