Hi Expert
I received a report from a 3rd-party vulnerability vendor. They detected a 94699-SSL RC4 Cipher vulnerability in the CSP system.
Inside \tomcat\conf\server.xml and apache\conf\ssl\ssl.conf, we found that there is RC4 in the cipher, as shown below.
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
Is it secure to use, or is there any recommendation for how we can enhance it? As of now, I do not see any relevant article related to this topic for CSP.
CSP version: 8.0.2
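
One way to check a Tomcat server.xml for the RC4 suites named in the report, added here as an example and not part of the original post or of the product's own tooling. RC4 cipher suites are prohibited for TLS by RFC 7465; the sample XML below is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on a Tomcat server.xml connector; not the poster's file.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
               TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
    <Connector port="8080"/>
  </Service>
</Server>"""


def split_ciphers(value):
    """Split a comma-separated ciphers attribute, tolerating spaces and line breaks."""
    return [name.strip() for name in value.split(",") if name.strip()]


def is_rc4(suite):
    """True for JSSE/IANA-style names that use RC4, e.g. TLS_ECDHE_RSA_WITH_RC4_128_SHA."""
    return "_RC4_" in suite.upper()


def audit_connectors(xml_text):
    """Return one finding per Connector that sets ciphers: port, RC4 suites, list without them."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        value = conn.get("ciphers")
        if value is None:
            continue  # connector relies on defaults; nothing to parse here
        suites = split_ciphers(value)
        findings.append({
            "port": conn.get("port"),
            "rc4": [s for s in suites if is_rc4(s)],
            "without_rc4": ",".join(s for s in suites if not is_rc4(s)),
        })
    return findings


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {f['port']}: RC4 suites = {f['rc4']}")
        print(f"  ciphers without RC4: {f['without_rc4']}")
```

The check matches only the JSSE-style names used in the `ciphers` attribute; OpenSSL-style names in an Apache ssl.conf would need a separate pattern.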