Solved: Veritas Cluster Software affected with Weak SSL Ci...

PeterW · ‎12-02-2009

Hi All,

I need some help on this. Recently in a Nessus scan, this vulnerability was found in one of the servers (port 8443) running VCS to be accepting weak SSL Ciphers ( accepting 56K bit connections) . Could any of you be so kind as to how can this be remediated i.e. configuration settings? Is the setting found in the main.cf file or someplace else?

PeterW · ‎01-06-2010

Hi Dev Roy,

I know this reply is late but better late than never. Just to inform you that editing the vrtsweb.xml file under the Ports Configuration section worked out :). Thanks.

View solution in original post

Dev_Roy · ‎12-03-2009

Peter,

Take a look at the TechNote bellow:
http://support.veritas.com/docs/325073  Regards, Dev

Dev_Roy · ‎12-03-2009

Just in case the earlier link does not work for you then try this link for the TechNote:
http://seer.entsupport.symantec.com/docs/325073.htm

Let me know if it works for you.

Regards,
Dev

PeterW · ‎12-03-2009

Hi Dev Roy,

Thank you for your kind help. I'll ask the server team to check and provide me a copy of the ssl.conf file (they told me there is no httpd.conf file) and the /opt/VRTSweb/conf/vrtsweb.xml file. I'll start from there. I will keep this thread updated.

PeterW · ‎01-06-2010

Hi Dev Roy,

I know this reply is late but better late than never. Just to inform you that editing the vrtsweb.xml file under the Ports Configuration section worked out :). Thanks.

g_lee · ‎01-07-2010

PeterW,
Just wondering if there's a reason why you've marked your post as the solution even though it was Dev's reply with the technote that answered/resolved the issue?

g_lee · ‎01-07-2010

duplicate reply (hit save twice accidentally) - admins please delete - sorry for the inconvenience

VOX

Veritas Cluster Software affected with Weak SSL Ciphers