Disable weak RC4 cipher suite

  • KM01752587
  • 24-Jul-2015
  • 31-Jan-2018

Summary

Vulnerability scanners evaluate the RC4 cipher suites as weak and report them as a vulnerability.

Error

Vulnerability scanners evaluate the RC4 cipher suites as weak and report them as a vulnerability.

Cause

On ESM ports 8443 and 9443 the RC4 cipher suites (SSL_RSA_WITH_RC4_128_MD5 and SSL_RSA_WITH_RC4_128_SHA) are enabled by default.

Fix

Steps to disable them:

For port 8443:
Copy the following value from
/opt/arcsight/manager/config/server.defaults.properties
servletcontainer.jetty311.socket.https.ciphersuites=TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA
into
/opt/arcsight/manager/config/server.properties
and delete the entries SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA so that the line looks like this:
servletcontainer.jetty311.socket.https.ciphersuites=TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA

For port 9443:
Copy the following value from
/opt/arcsight/web/config/webserver.defaults.properties
servletcontainer.jetty311.socket.https.ciphersuites=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA
into
/opt/arcsight/web/config/webserver.properties
and delete the entries SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA so that the line looks like this:
servletcontainer.jetty311.socket.https.ciphersuites=SSL_RSA_WITH_3DES_EDE_CBC_SHA

Restart the Manager and the web service for the changes to take effect.
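The edit above done programmatically, as an added example that is not ArcSight code: it derives the RC4-free override line from a defaults file and then checks which RC4 suites are still effective, taking into account that the server uses the defaults file whenever the override file does not set the key. It assumes plain single-line Java .properties entries and uses constructed excerpts of the two defaults files in place of reading /opt/arcsight/ from disk.

```python
# Added example (not ArcSight code): build the RC4-free ciphersuites override
# for an ESM properties file and check that the effective value has no RC4.
# Assumes single-line Java .properties entries (no backslash continuations).
import re

KEY = "servletcontainer.jetty311.socket.https.ciphersuites"
PROP_RE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")

def read_ciphersuites(properties_text):
    """Return the suite list set for KEY, or None if the key is absent.
    Lines starting with '#' or '!' are comments, as in Java .properties."""
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = PROP_RE.match(line)
        if m and m.group(1) == KEY:
            return [s.strip() for s in m.group(2).split(",") if s.strip()]
    return None

def override_line(defaults_text):
    """The line to add to the override file: the default list minus RC4."""
    suites = read_ciphersuites(defaults_text)
    if suites is None:
        raise ValueError(KEY + " not found in defaults file")
    return KEY + "=" + ",".join(s for s in suites if "RC4" not in s)

def remaining_rc4(defaults_text, override_text):
    """Post-change check. The override file wins when it sets KEY;
    otherwise the server still uses the list from the defaults file."""
    effective = read_ciphersuites(override_text)
    if effective is None:
        effective = read_ciphersuites(defaults_text) or []
    return [s for s in effective if "RC4" in s]

# Constructed excerpts carrying the default lines quoted in the article.
MANAGER_DEFAULTS = """# server.defaults.properties (constructed excerpt)
servletcontainer.jetty311.socket.https.ciphersuites=TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA
"""
WEB_DEFAULTS = """! webserver.defaults.properties (constructed excerpt)
servletcontainer.jetty311.socket.https.ciphersuites=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA
"""
if __name__ == "__main__":
    # Real use: read the defaults and override files under /opt/arcsight/.
    for defaults in (MANAGER_DEFAULTS, WEB_DEFAULTS):
        fixed = override_line(defaults)
        print(fixed)
        print("RC4 before:", remaining_rc4(defaults, ""),
              "after:", remaining_rc4(defaults, fixed))
```

An empty override string stands in for an override file that does not set the key, which is why the "before" check still reports the RC4 suites from the defaults.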