How to Disable Weak Ciphers and SSL 2.0 in Applicare
If you run the following command:
nmap --script ssl-cert,ssl-enum-ciphers localhost -p 8443
you should see the following warnings:
64-bit block cipher 3DES vulnerable to SWEET32 attack
Key exchange (dh 1024) of lower strength than certificate key
Key exchange (secp160k1) of lower strength than certificate key
To fix this, edit the Connector element in the file $arcturus_home/server/conf/server.xml. Change it from this:
<Connector SSLEnabled="true"
           clientAuth="false"
           keystoreFile="keystorefile"
           keystorePass="password"
           maxThreads="150"
           port="8443"
           protocol="HTTP/1.1"
           scheme="https"
           secure="true"
           sslProtocol="TLS"/>
to this:
<!-- Explicit cipher list: AES suites only, so 3DES, RC4 and non-EC DHE suites are not offered -->
<Connector SSLEnabled="true"
           clientAuth="false"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_RSA_WITH_AES_128_CBC_SHA,
                    TLS_RSA_WITH_AES_256_CBC_SHA256,
                    TLS_RSA_WITH_AES_256_CBC_SHA"
           keystoreFile="keystorefile"
           keystorePass="password"
           maxThreads="150"
           port="8443"
           protocol="HTTP/1.1"
           scheme="https"
           secure="true"
           sslEnabledProtocols="TLSv1.1,TLSv1.2"
           sslProtocols="TLSv1.1,TLSv1.2"/>
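As an added example (not part of the original article or of Applicare's own tooling), the following Python script checks a server.xml for the same problems before you rerun nmap: connectors with no explicit cipher list, suites whose names match weak fragments, and old protocol versions. The marker lists, the function name audit_connectors and the sample connector on port 9443 are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Name fragments treated as weak. 3DES and plain DHE come from the nmap
# warnings above; the remaining markers are assumptions of this example.
WEAK_MARKERS = ("3DES", "_DES_", "RC4", "NULL", "EXPORT", "anon", "MD5", "_DHE_")
OLD_PROTOCOLS = ("SSLv2", "SSLv2Hello", "SSLv3", "TLSv1")

# Constructed sample: the article's original connector plus a made-up one.
SAMPLE = """<Server><Service name="Catalina">
<Connector SSLEnabled="true" port="8443" scheme="https" secure="true"
           sslProtocol="TLS"/>
<Connector SSLEnabled="true" port="9443" scheme="https" secure="true"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
           sslEnabledProtocols="SSLv3,TLSv1.2"/>
</Service></Server>"""


def audit_connectors(server_xml):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        port = conn.get("port", "?")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # Without an explicit list the connector falls back to default suites.
            findings.append((port, "no ciphers attribute"))
        else:
            # The XML parser turns line breaks inside the attribute into spaces.
            for suite in (c.strip() for c in ciphers.split(",")):
                if any(marker in suite for marker in WEAK_MARKERS):
                    findings.append((port, "weak suite " + suite))
        protocols = conn.get("sslEnabledProtocols") or conn.get("sslProtocols")
        if protocols is None:
            findings.append((port, "no enabled-protocol list"))
        else:
            for proto in (p.strip() for p in protocols.split(",")):
                if proto in OLD_PROTOCOLS:
                    findings.append((port, "old protocol " + proto))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print(port, finding)
```

To check the real file, pass the contents of $arcturus_home/server/conf/server.xml to audit_connectors; an empty list means none of these checks fired.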