For maximum security, you must configure vRealize Automation components to use strong ciphers. The encryption cipher negotiated between the server and the browser determines the encryption strength that is used in a TLS session. To ensure that only strong ciphers are selected, disable weak ciphers in vRealize Automation components. Configure the server to support only strong ciphers and to use sufficiently large key sizes. Also, configure all ciphers in a suitable order.

Cipher Suites that are not Acceptable

Disable cipher suites that do not offer authentication such as NULL cipher suites, aNULL, or eNULL. Also disable anonymous Diffie-Hellman key exchange (ADH), export level ciphers (EXP, ciphers containing DES), key sizes smaller than 128 bits for encrypting payload traffic, the use of MD5 as a hashing mechanism for payload traffic, IDEA Cipher Suites, and RC4 cipher suites. Also ensure that cipher suites using Diffie-Hellman (DHE) key exchange are disabled.