- Feature Request
- Resolution: Unresolved
- Major
- None
- 2.5
- False
- False
Description:
The customer has reported vulnerabilities in Ansible Automation Platform (AAP) 2.4 related to the negotiation of insecure cipher suites. The following insecure TLS 1.2 cipher suites have been identified:
- Negotiated with the following insecure cipher suites:
  - TLS 1.2 ciphers:
    - TLS_RSA_WITH_AES_128_CBC_SHA
    - TLS_RSA_WITH_AES_128_CBC_SHA256
    - TLS_RSA_WITH_AES_128_CCM
    - TLS_RSA_WITH_AES_128_GCM_SHA256
    - TLS_RSA_WITH_AES_256_CBC_SHA
    - TLS_RSA_WITH_AES_256_CBC_SHA256
    - TLS_RSA_WITH_AES_256_CCM
    - TLS_RSA_WITH_AES_256_GCM_SHA384
Customer Recommendation:
The customer has recommended disabling TLS/SSL support for static key cipher suites to mitigate these vulnerabilities.
Steps to Reproduce:
Not applicable (N/A). The vulnerability was identified based on the customer's scan and shared vulnerability report.
Customer Impact:
The use of insecure cipher suites in AAP could lead to vulnerabilities in secure communications, potentially exposing the platform to security risks.
Attachments:
The customer's vulnerability Excel sheet and related concerns have been attached to the support case.
Support Case Reference:
Case: https://access.redhat.com/support/cases/#/case/03875011
Requested Action:
Enhance the security of AAP 2.4 by disabling TLS/SSL support for static key cipher suites to align with modern cryptographic standards and address the reported vulnerabilities.
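
Added example (not part of the ticket and not AAP's own code): a Python check that reports which of the static RSA suites listed above a given OpenSSL cipher string enables, and confirms that appending !kRSA removes them. It assumes the TLS endpoint is configured through an OpenSSL cipher string; the sample string CONSTRUCTED_WEAK is constructed for illustration.

```python
import ssl

# IANA names from the ticket mapped to OpenSSL's names for the same suites.
IANA_TO_OPENSSL = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256": "AES128-SHA256",
    "TLS_RSA_WITH_AES_128_CCM": "AES128-CCM",
    "TLS_RSA_WITH_AES_128_GCM_SHA256": "AES128-GCM-SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256": "AES256-SHA256",
    "TLS_RSA_WITH_AES_256_CCM": "AES256-CCM",
    "TLS_RSA_WITH_AES_256_GCM_SHA384": "AES256-GCM-SHA384",
}
OPENSSL_TO_IANA = {v: k for k, v in IANA_TO_OPENSSL.items()}

# Constructed sample: one forward-secret suite plus two static RSA suites.
CONSTRUCTED_WEAK = "ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-SHA"


def static_rsa_suites(cipher_string):
    """Return the static RSA key exchange suites the cipher string enables.

    Suites are reported by IANA name when they are in the ticket's list,
    otherwise by their OpenSSL name.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    found = []
    for cipher in ctx.get_ciphers():
        # "kx-rsa" marks RSA key transport, i.e. no ephemeral key exchange.
        # TLS 1.3 suites report "kx-any" and are never flagged.
        if cipher.get("kea") == "kx-rsa":
            found.append(OPENSSL_TO_IANA.get(cipher["name"], cipher["name"]))
    return sorted(found)


def harden(cipher_string):
    """Append !kRSA, which permanently removes static RSA suites from the list."""
    return cipher_string + ":!kRSA"


if __name__ == "__main__":
    print("before:", static_rsa_suites(CONSTRUCTED_WEAK))
    print("after: ", static_rsa_suites(harden(CONSTRUCTED_WEAK)))
```
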