SSL Error picking Watson Content Hub (WCH) resource using Portal Server which is not using front-end Web Server

Here are the ssl errors seen by browser type:

Firefox:
SSL_ERROR_RX_RECORD_TOO_LONG

Chrome:
ERR_SSL_PROTOCOL_ERROR

IE:
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://ibm-l1t6naa85pn.raleigh.ibm.com:10039 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Related:

How to disable weak Cipher in Netcool/Impact?

After SSL enabled on Impact(including JREXEC server), the system failed
on Nessus scan:

42873 (3) – SSL Medium Strength Cipher Suites Supported
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium
strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium
strength ciphers.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2009/11/23, Modification date: 2015/10/21
Hosts
10.198.129.17 (tcp/1345)
Here is the list of medium strength SSL ciphers supported by the remote
server :
Medium Strength Ciphers (> 64-bit and < 112-bit key)
TLSv1
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code
{export flag}

Related:

Introducing TLS v1.2

Introducing TLS v1.2

Updated: March 9, 2009

Applies To: Windows 7, Windows Server 2008 R2

This product evaluation topic for the IT professional describes the security enhancements to Transport Layer Security (TLS) in Windows 7 and Windows Server 2008 R2.

TLS and Schannel

Microsoft implements the Secure Sockets Layer (SSL) protocol and the TLS protocol by using the Schannel authentication package (schannel.dll). For Windows 7 and Windows Server 2008 R2, TLS has been improved to version 1.2 in order to support:

  • Hash negotiation. The client and server can negotiate any hash algorithm to be used as a built-in feature, and the default cipher pair MD5/SHA-1 has been replaced with SHA-256.
  • Certificate hash or signature control. You can configure the certificate requester to accept only specified hash or signature algorithm pairs in the certification path.
  • Suite B–compliant cipher suites. Two cipher suites have been added so that the use of TLS can be Suite B compliant:

    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

How to control the use of TLS

To control the use of TLS, you need to set the cipher suite requirement for your computer that will force adherence to TLS 1.2. Use the following steps:

  1. Using Group Policy, enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security policy setting.
  2. Open Internet Explorer. On the Tools menu, click Internet Options. Click the Advanced tab, and then select the Use TLS 1.2 check box.

Resources for TLS and Schannel

For information about application development that uses the new cipher suites available for TLS 1.2 implementation, see Secure Channel in the MSDN Library.

For information about the Schannel authentication package, see the TLS/SSL Technical Reference.

Related:

The Secure Sockets Layer and Transport Layer Security

With the explosive growth of computing devices connected with the Internet in
recent years, security of communications and computer systems became more important than
ever. We will learn about history of secure communications, the SSL/TLS protocols,
handshake, network layers and a tool that makes our lives easier for SSL/TLS connection
verification.

Related: