Received this during security audit. Does CA Spectrum have a way to resolve this security issue?
Disable support for LOW encryption ciphers.

Apache
If TLSv1.1 or TLSv1.2 are available, then those protocols should be used.
SSLProtocol TLSv1.1 TLSv1.2
If TLSv1.1 and TLSv1.2 are not available then only TLS1.0 should be used:
SSLProtocol TLSv1
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required): http://support.microsoft.com/default.aspx?scid=kb;EN-US;245030
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required): http://support.microsoft.com/default.aspx?scid=kb;en-us;187498
Security Guidance for IIS: http://www.microsoft.com/technet/security/prodtech/IIS.mspx

For Novell Netware 6.5 please refer to the following document: SSL Allows the use of Weak Ciphers. -TID10100633: http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm
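
An added example, not part of the original post or of the scanner output: a small Python check that reads web-server configuration text and reports whether an Apache cipher string omits any of the exclusions the guidance above lists (`!aNULL`, `!ADH`, `!eNULL`, `!LOW`, `!EXP`) and whether a Tomcat `ciphers` attribute names a suite from those classes. The function names, the JSSE name markers and the sample lines are assumptions made for illustration, and the check is a text heuristic that does not expand the cipher string the way OpenSSL does.

```python
import re

# Classes the quoted Apache guidance removes with "!" (taken from the page).
REQUIRED_EXCLUSIONS = ("aNULL", "ADH", "eNULL", "LOW", "EXP")
# Assumption: substrings that mark the same classes in JSSE-style suite names.
WEAK_JSSE = {"_NULL_": "eNULL", "_anon_": "aNULL/ADH",
             "_EXPORT_": "EXP", "_DES_": "LOW"}

def audit_openssl_string(value):
    """Return the required classes that an OpenSSL cipher string fails to exclude."""
    excluded = {tok[1:] for tok in value.split(":") if tok.startswith("!")}
    return [cls for cls in REQUIRED_EXCLUSIONS if cls not in excluded]

def audit_tomcat_ciphers(value):
    """Return (suite, class) pairs for explicitly listed suites in a weak class."""
    hits = []
    for name in (n.strip() for n in value.split(",")):
        hits += [(name, cls) for mark, cls in WEAK_JSSE.items() if mark in name]
    return hits

def audit_config(text):
    """Scan config text line by line; return (line_number, message) findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*(SSLCipherSuite|SSLRequireCipher)\s+(\S+)", line)
        if m:
            findings += [(lineno, f"{m.group(1)} does not exclude {cls}")
                         for cls in audit_openssl_string(m.group(2))]
        m = re.search(r'ciphers="([^"]*)"', line)
        if m:
            findings += [(lineno, f"{name} is in class {cls}")
                         for name, cls in audit_tomcat_ciphers(m.group(1))]
    return findings

# Constructed sample input: line 1 is the page's string, lines 2-3 are made up.
SAMPLE = """\
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLCipherSuite ALL:!aNULL:+HIGH:+MEDIUM
ciphers="SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5"
"""

if __name__ == "__main__":
    for lineno, message in audit_config(SAMPLE):
        print(f"line {lineno}: {message}")
```

An empty result only means the listed exclusions are present in the text; the effective suite list on a given host still depends on the installed TLS library.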