Weak ciphers being reported on penetration audit

Ignition version 7.5.11

One of our customer's IT team recently did an audit of their system and found weak ciphers being reported. I found an online scanner and ran a test on our internal system and found a similar result:

What can be done to rectify these weak ciphers? Is there a way to disable the weak ciphers? Is this something that was addressed in 7.6 or 7.7?

I cannot say how this may affect your Ignition version (our install is 7.9.4), but the solution I found was to go into the JAVA home directory/installation. There you will find the file java.security under /lib/security. Look for jdk.tls.disabledAlgorithms= where you can add "DSA, DESede, DES".

In the ignition.conf file I added the following lines:
wrapper.java.additional.5=-DexcludedCiphers=SSLv3,TLSv1,DES-CBC3-SHA,DHE-RSA-DES-CBC3-SHA,DES,3DES, DESede, DES
wrapper.java.additional.6=-Dciphers=TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256

I now have DES, 3DES, SSL3 and TLS1 disabled.

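To confirm that the java.security edit described in the reply above is actually present on a given install, this added example (not part of the original posts) parses the file's text, including backslash-continued lines, and lists which of DSA, DESede and DES are still absent from jdk.tls.disabledAlgorithms. The function names and the sample text are constructed for illustration.

```python
# Algorithms the reply above adds to jdk.tls.disabledAlgorithms.
REQUIRED = ("DSA", "DESede", "DES")

# Constructed sample text, not taken from a real java.security file.
SAMPLE = """\
jdk.certpath.disabledAlgorithms=MD2, MD5
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, \\
    DESede
"""

def read_property(text, key):
    """Return the value of `key` from java.security-style text, joining
    backslash-continued lines; None if the key is absent or commented out."""
    value, collecting = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not collecting:
            if line.startswith(("#", "!")) or "=" not in line:
                continue
            name, _, rest = line.partition("=")
            if name.strip() != key:
                continue
            value, line = "", rest.strip()  # a later definition replaces an earlier one
        collecting = line.endswith("\\")
        value += line.rstrip("\\").strip() + (" " if collecting else "")
    return value

def disabled_algorithms(text):
    """Split the property into its comma-separated entries (None if unset)."""
    value = read_property(text, "jdk.tls.disabledAlgorithms")
    if value is None:
        return None
    return [entry.strip() for entry in value.split(",") if entry.strip()]

def missing_entries(text, required=REQUIRED):
    """Required algorithms that no entry names. Only the leading word of an
    entry is compared, so constraints like 'DH keySize < 768' are handled."""
    entries = disabled_algorithms(text) or []
    names = {entry.split()[0].lower() for entry in entries}
    return [alg for alg in required if alg.lower() not in names]

if __name__ == "__main__":
    import sys
    # Pass the path to java.security as the first argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("missing from jdk.tls.disabledAlgorithms:", missing_entries(text) or "none")
```

A clean result only shows the setting is in the file; the service has to be restarted with that JVM and rescanned to confirm the weak ciphers are no longer offered.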