Ciphers used for web reports, inventory and webui

Hello

Running BigFix version 10.0.8 on Windows 2019. We have BigFix Inventory. web reports and webui running on seperate servers. TLS 1.2 is enabled and they have a proper certificate. However the security scanner indicates that ports 9081, 8083 and 443 are using weak ciphers. Ports 3389 and 1433 are not using weak ciphers. What BigFix web reports, inventory and webui configuration changes need to be made to ensure these applications are not using weak ciphers?

Have you checked the documentation?

https://help.hcltechsw.com/bigfix/10.0/inventory/Inventory/security/t_configuring_cipher_suites.html

https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Installation/c_security_ciphers.html

https://help.hcltechsw.com/bigfix/10.0/webui/WebUI/Admin_Guide/c_server_settings_definitions.html


Corrected the second URL - missing a letter.

2 Likes

Thank you very much. This is exactly what is needed. Personally I think this should be in the product by default.

I couldn’t get the second link to work. It took me to a page not found message.

I think a copy/paste/formatting messed up the earlier link, it’s missing the “l” on html. Here’s the working link.

https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Installation/c_security_ciphers.html

Follow Up question. If I try and apply the ciphers for the webui setting _WebUIAppEnv_WEB_CIPHERS The list provided appears to be larger than what can be added to the value section using the console. If I tried and manually add the values to the registry would that work. Isn’t there a 256 character limit to client setting values?