Hello Venugopal,
The 'Birthday Attacks against TLS Ciphers with 64bit block size' also known as 'SWEET32' relates to Triple DES ciphers:
https://sweet32.info/
You can disable these ciphers using the '[ssl-qop-mgmt-default]' and '[ssl-qop]' stanzas.
Using the '[ssl-qop-mgmt-default]' stanza you can specify the order and ciphers that the Reverse Proxy server will use when negotiating a TLS handshake.
To resolve the 'SWEET32' vulnerability you'll just need to add entries in the '[ssl-qop-mgmt-default]' stanza that specify the cipher you want to use.
It will only use ciphers that are specified unless you specify a family of ciphers.
This stanza will only take effect when the following is set:
[ssl-qop]
ssl-qop-mgmt = yes
The above controls whether you specify the ciphers using the '[ssl-qop-mgmt-default]' stanza or whether you can control them using the 'gsk-attr-name' entries in the '[ssl]' stanza as per the following technote:
https://www.ibm.com/support/pages/node/256573
But, all of the above only counts for the 'https-port' port.
If you are having SWEET32 vulnerability reports for a 72XX port then you'll need to update the 'tls-vXX-cipher-specs' entries in the 'pd.conf' that exists at 'Secure Web Settings -> Manage -> Runtime Component ->> Manage -> Configuration Files'.
Please update these settings and confirm that your vulnerability is resolved.
#Support#SupportMigration#Verify