Security auditing is flagging a weak SSL cipher being used on port 9443/tcp.
You may need to enable the more secure ciphers and disable the insecure ones on the Management Console for Unix Server.
On Windows 2008 or 2012 servers.
1 - Stop the Quest Management Console for Unix
2 - Backup the Jetty.xml file in C:\Program Files (x86)\Quest Software\Management Console for Unix\etc and rename it to jetty.original
3 - Then replace C:\Program Files (x86)\Quest Software\Management Console for Unix\etc\jetty.xml with the attached file. Please note the attachment is at the bottom of this KB.
4 - Restart the service
You can provide your own SSL certificate. Please refer the the following KB article about this: How to configure SSL for use with Jetty? How to setup certificate in MCU? (86932)
There is also some information in the Management Console for Unix Admin guide in the Security Chapter under Installing a Product Certificate section.
1 - On the MCU server, edit the c:\program files or program files (x86)\Management Console for Unix\etc\jetty.xml file to exclude the weak ciphers you do not want used.
This can be done by following the documentation provided by jetty: http://docs.codehaus.org/display/JETTY/SSL+Cipher+Suites
SSL Cipher Suites
The cipher suites used by Jetty SSL are provided by the JVM: http://java.sun.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider.
The ciphers are used in preference order. If a vulnerability is discovered in a cipher (or if it is considered too weak to use), it is possible to exclude it without the need to update the JVM in jetty.xml:
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback Conditions d’utilisation Confidentialité