SecurID® Discussions

BobBaxter
Beginner

Authentication Manager 8.2 openssl v.0.9.8j can't enable TLS 1_2

We have virtual appliances (primary and secondary) of Authentication Manager that are on 8.2 p5. We want to disable certain cipher suites and enable strict TLS 1_2, however when I checked on the openssl version of both machines, it was 0.9.8j. I looked through these forums and documentation, and it seems like it should have upgraded already to 1.0.x, but that hasn't happened.

I did see that 8.1 had a TPP 2.0 that updated openssl, but I'm worried that at this point a lot of those patches are back leveled, and I'm not sure if I should put that on.

I also noticed that it still seems like RC4 comes up in scans as "supported", but I did see articles about how to change the cipher suites to disable the ones we don't want / need.

Is there a way to update openssl, turn on strict TLS 1_2 (I have found articles for this) or should I try to install SP1, even if it backlevels 8.2 to patch 3? (Read this in the notes and a forum)

Thanks for your help!

Accepted Solutions
JayGuillette
Apprised Contributor

The SSL protocol version on an AM 8.x appliance is controlled by WebLogic, not openssl, so the old version of .9 openssl should not be used to try to enable strict TLS, or TLSv1.2-only mode. Use the ./rsautil command instead:

   cd /opt/rsa/am/utils

   ./rsautil store -a enable_min_protocol_tlsv1_2 true restart

If you search for strict TLS in RSA Link you'll find some docs and Knowledge Base articles on this, such as https://community.rsa.com/docs/DLink

And if you search for RC4, one of the discussions you'll find gives some background.

https://community.rsa.com/community/products/securid/blog/2017/02/27/ssl-protocols-rc4-ciphers-and-authentication-manager
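
One way to confirm the effect of the `rsautil` setting from a separate workstation, since the appliance's own openssl 0.9.8j cannot speak TLS 1.2 (an added example, not part of the original reply and not RSA tooling): the script offers exactly one protocol version per connection and reports whether TLS 1.0/1.1 are still accepted. The host and port arguments are placeholders for whichever appliance listener you test, and the outcome labels and function names are this example's own.

```python
import socket
import ssl
import sys

# Protocol versions offered one at a time, oldest first.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def probe(host, port, name, timeout=5.0):
    """Return 'accepted', 'refused', 'unreachable' or 'client-unsupported'."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False          # protocol support is being tested,
        ctx.verify_mode = ssl.CERT_NONE     # not the certificate chain
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # lets OpenSSL 3.x offer TLS 1.0/1.1
        ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
    except (ValueError, ssl.SSLError):
        return "client-unsupported"         # local OpenSSL cannot offer this version
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "accepted"
    except OSError:                         # ssl.SSLError is a subclass of OSError
        return "refused"
    finally:
        sock.close()

def strict_tls12(results):
    """True/False when the evidence is conclusive, None when it is not."""
    old = [results.get("TLSv1.0"), results.get("TLSv1.1")]
    if "accepted" in old:
        return False                        # an older protocol still negotiates
    if results.get("TLSv1.2") == "accepted" and old == ["refused", "refused"]:
        return True
    return None                             # a version was never really offered

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])   # placeholders: appliance host, port
    results = {name: probe(host, port, name) for name in VERSIONS}
    for name, outcome in results.items():
        print(f"{name}: {outcome}")
    print("strict TLS 1.2 in effect:", strict_tls12(results))
```

A `client-unsupported` result means the probing workstation's OpenSSL build could not offer that version, so it says nothing about the appliance; rerun from a client that can.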
