I read article 41101 following a bulletin but realise that it did not address the main issue related to the weak default DH ciphers / Diffie-Hellman key.
Basically the problems with Blackboard 9.1 Oct 14 and 9.1 Q4 15 boils down to:
a) Java 7 is the certified JDK for these 2 version
b) Java 7 uses 768-bit for DH by default
c) Java 7 has limited strength policy so AES is maxed out at 128 bits
The following articles I found online (especially the first) helped me a lot in understanding why my security team was harping on this when the cipher list in article 41639 & 40766 has AES256, DH, DHE ciphers. The articles pointed out that I needed to have:
1) “-Djdk.tls.ephemeralDHKeySize=2048” under “bbconfig.jvm.options.extra.tomcat”
2) Apply JCE unlimited strength policy so that I could use AES256 cipher and that security team will not complain about the DH cipher being weak.
Hope this helps someone here.