Environment
Verastream Host Integrator versions 7.5.70 through 7.8.49
Situation
This technical note describes how to resolve the SWEET32 vulnerability, CVE-2016-2183.
Resolution
See https://nvd.nist.gov/vuln/detail/CVE-2016-2183 for a description of the SWEET32 vulnerability.
The SWEET32 vulnerability can be resolved by disabling the 3DES cipher still used by the Verastream Host Integrator session server. The only one used is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, and it can be added to the disabledCipherSuites property in the file service-ctx.xml, which is found on Windows in <installDir>\Verastream\HostIntegrator\sesssrvr\services\ws\META-INF or on Unix/Linux in /opt/microfocus/verastream/hostintegrator/sesssrvr/services/ws/META-INF.
To add that cipher, open service-ctx.xml in a text editor and find the property disabledCipherSuites.
This is a blacklist of ciphers. Add TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA to the bottom of this list as shown below.
Save the file and close it.
Restart the Verastream Host Integrator Session Server.
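To confirm the edit on each server, the following added example (not part of the original technical note or the product) parses service-ctx.xml and reports whether the suite is really listed under disabledCipherSuites; a plain text search would also match an entry that is commented out or sits in a different property. The XML layout in the embedded sample is constructed and assumed; the check relies only on an element carrying name="disabledCipherSuites".

```python
import re
import sys
import xml.etree.ElementTree as ET

PROP = "disabledCipherSuites"
SUITE = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"

def disabled_suites(xml_text):
    """Return the suite names listed under every element whose name
    attribute is disabledCipherSuites, or None if no such element exists."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    suites, seen = set(), False
    for el in root.iter():
        if el.get("name") != PROP:
            continue
        seen = True
        # Accept an inline value="A,B" attribute as well as nested element text.
        raw = el.get("value", "") + " " + " ".join(el.itertext())
        suites.update(tok for tok in re.split(r"[\s,]+", raw) if tok)
    return suites if seen else None

def check(xml_text):
    """Classify the file: 'property-missing', 'not-disabled' or 'disabled'."""
    suites = disabled_suites(xml_text)
    if suites is None:
        return "property-missing"
    return "disabled" if SUITE in suites else "not-disabled"

# Constructed sample, NOT the real service-ctx.xml; element layout is assumed.
SAMPLE_COMMENTED = """<beans><bean id="example">
  <property name="disabledCipherSuites"><list>
    <value>SSL_RSA_WITH_RC4_128_MD5</value>
    <!-- <value>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</value> -->
  </list></property>
</bean></beans>"""
# Same sample with the entry uncommented, i.e. the state after the fix.
SAMPLE_FIXED = SAMPLE_COMMENTED.replace("<!-- ", "").replace(" -->", "")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Read bytes so the parser honours the file's own encoding declaration.
        with open(sys.argv[1], "rb") as fh:
            result = check(fh.read())
    else:
        result = check(SAMPLE_COMMENTED)
    print(f"{SUITE}: {result}")
    sys.exit(0 if result == "disabled" else 1)
```

Run it with the path to service-ctx.xml as the only argument; a non-zero exit status means the suite is not in the list the session server will read at restart.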