Disabling vulnerable cipher suites for security
A cipher suite is a set of algorithms that help secure a network connection. There are various cipher suites and you use the one that best suits your business needs and cluster environment. However, if a certain cipher suite has been identified as having potential security weaknesses, you can disable the vulnerable cipher suite and use safer ones.
About this task
For example, IBM® Spectrum Conductor installs with IBM JRE, which contains a known Logjam security attack (identified as the CVE-2015-4000 vulnerability), that exposes a potential weakness with DHE cipher suites. In this case, disable DHE cipher suites and use ECDHE suites instead, as ECDHE cipher suites are not affected by the Logjam vulnerability.
For more details about IBM JRE addressing CVE-2015-4000, see https://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/disable_dh768.html
Use the following guidelines to disable cipher suites from use with IBM Spectrum Conductor.