Can someone please advise if there is a way to disable weak CBC mode ciphers on SSH port for DPA devices.
Our internal security is asking us to do this.
Appreciate your help on this. Thanks.
Can you please tell me which version of DPAs you are running?
If you are running DPA 3.x, the first thing I would suggest would be to replace these with DPA 4.x, for increased security.
Version 4 DPAs are running a newer version of Linux that includes support for the latest protocol versions and stronger ciphers. Older version 3 DPAs have some limitations for what they can support.
If you are using virtual DPAs, you can simply download the DPA 4.x image from our Support Site and add them to your existing Cluster right away.
If you have DPA 3.x hardware appliances and wish to swap these for newer DPA 4.x hardware this is also possible. Please contact our Sales Dept to discuss the swap procedure.
After the upgrade, please repeat your security and vulnerability scanning to see if this has resolved your issue. If you continue to have an issue after deploying the DPA 4.x, please create a Support Service Request and we can assist further.