This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
BMC Decision Support - Server Automation (5 Viewer, 1 Query License)
BladeLogic Decision Support for Server Automation
all BDSSA versions
The default configuration of BDSSA includes the use of the 3DES cipher suite. This cipher suite has been determined to be weak and should be removed from usage. More information about the vulnerability can be found in the MITRE CVE dictionary and NIST NVD.
How can I check for and remove usage of the weak 3DES cipher suite in BDSSA?
How to check for usage of the 3DES cipher suite
Please review "How to check for usage of the 3DES cipher suite" in article 000147506 and use the BDSSA host and ports instead of the BSA host and ports. For BDSSA, the ports to check are 9443 (BDS Console), 443 (Apache WebServer) and 9640 (BDSSA Authentication Service).
To remediate the BDSSA services
Apache Tomcat (BDS Console)
In <BDSSA Install>/tomcat/conf/server.xml, add or modify the ciphers attribute in the <Connector> tag for the connector listening on 9443.
<Connector port="9443" [....] ciphers="TLS_RSA_WITH_AES_256_CBC_SHA" [...] />
The ciphers listed should not include any DES or 3DES ciphers. In the example above, a single cipher is configured: TLS_RSA_WITH_AES_256_CBC_SHA.
After making the change, restart the Tomcat service.
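The Tomcat setting above can also be audited offline from the configuration file. This is an added example, not BMC code: the function name `audit_connector_ciphers` and the sample XML are constructed for illustration, and it assumes the ciphers are set directly on the <Connector> tag as this article describes.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling <BDSSA Install>/tomcat/conf/server.xml
# (not a real BDSSA file). The 9443 connector still lists a 3DES suite.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
  </Service>
</Server>"""


def audit_connector_ciphers(server_xml, port="9443"):
    """Return (status, weak_ciphers) for the <Connector> listening on `port`.

    status is one of:
      "no-connector" - no <Connector> with that port attribute was found
      "no-ciphers"   - no ciphers attribute, so the default suites apply
                       (the article states the BDSSA default includes 3DES)
      "weak"         - the ciphers attribute names a DES or 3DES suite
      "ok"           - the ciphers attribute is set and names no DES/3DES suite
    """
    root = ET.fromstring(server_xml)
    connectors = [c for c in root.iter("Connector") if c.get("port") == port]
    if not connectors:
        return "no-connector", []
    raw = connectors[0].get("ciphers")
    if raw is None or not raw.strip():
        return "no-ciphers", []
    suites = [s.strip() for s in raw.split(",") if s.strip()]
    # Matches JSSE-style names (..._3DES_EDE_..., ..._DES_CBC_...) and
    # OpenSSL-style names (DES-CBC3-SHA) alike.
    weak = [s for s in suites if "DES" in s.upper()]
    return ("weak" if weak else "ok"), weak


if __name__ == "__main__":
    print(audit_connector_ciphers(SAMPLE_SERVER_XML))
```

To audit a real installation, pass the contents of server.xml read from disk instead of the sample string. This checks configuration only and does not replace re-running the network check against port 9443 after the restart.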
Change the files httpd-ssl.conf and httpd-ssl.conf.tmpl, located at <BDSSA install>/webserver/conf/extra, so that the value of the SSLCipherSuite parameter is as shown in the block below.
After making the changes above, restart the Apache Webserver service.
BDSSA Authentication Service
Alter the EnabledCipherSuites setting using the blasadmin utility on the BDSSA server:
blasadmin -a set app enabledciphersuites TLS_RSA_WITH_AES_256_CBC_SHA
Restart the BDSSA Authentication Service after making the change.
Re-run the check for the vulnerability after making the changes to ensure the DES/3DES ciphers have been disabled in the BDSSA services.