Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CyberBreaker
Contributor

Disable Weak Ciphers for Smart-1

Jump to solution

Hello Guys,

I believed it is possible to disable weak ciphers for the security gateway but how about for the security management (smart-1)? I searched over the some data but I always saw the procedure for the security gateways.

Anyone here knows how to disable weak ciphers for smart-1?

Thank you very much for the great help.

 

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion
Champion

Hi @CyberBreaker,

Use the following comand to see all posible ciphers:

# cpopenssl ciphers -v 'HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5'

1) Back up the current /web/templates/httpd-ssl.conf.templ file:

# cp /web/templates/httpd-ssl.conf.templ /web/templates/httpd-ssl.conf.templ_backup

2) Assign the 'write' permission to the file:

# ls -l /web/templates/httpd-ssl.conf.templ

# chmod u+w /web/templates/httpd-ssl.conf.templ

# ls -l /web/templates/httpd-ssl.conf.templ

3) Edit the current /web/templates/httpd-ssl.conf.templ file:

[Expert@HostName:0]# vi /web/templates/httpd-ssl.conf.templ

       >>>  In the section "SSL Cipher Suite" change the chihper:

       # SSL Cipher Suite:
       # Add your chiper:

       SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-  SHA256:!ADH:!EXP:RSA:+HIGH:+MEDIUM:!MD5:!LOW:!NULL:!SSLv2:!eNULL:!aNULL:!RC4:!SHA1

        4) Restart the httpd
               # tellpm process:httpd2

 

 

View solution in original post

5 Replies
HeikoAnkenbrand
Champion
Champion

Hi @CyberBreaker,

Use the following comand to see all posible ciphers:

# cpopenssl ciphers -v 'HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5'

1) Back up the current /web/templates/httpd-ssl.conf.templ file:

# cp /web/templates/httpd-ssl.conf.templ /web/templates/httpd-ssl.conf.templ_backup

2) Assign the 'write' permission to the file:

# ls -l /web/templates/httpd-ssl.conf.templ

# chmod u+w /web/templates/httpd-ssl.conf.templ

# ls -l /web/templates/httpd-ssl.conf.templ

3) Edit the current /web/templates/httpd-ssl.conf.templ file:

[Expert@HostName:0]# vi /web/templates/httpd-ssl.conf.templ

       >>>  In the section "SSL Cipher Suite" change the chihper:

       # SSL Cipher Suite:
       # Add your chiper:

       SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-  SHA256:!ADH:!EXP:RSA:+HIGH:+MEDIUM:!MD5:!LOW:!NULL:!SSLv2:!eNULL:!aNULL:!RC4:!SHA1

        4) Restart the httpd
               # tellpm process:httpd2

 

 

View solution in original post

CyberBreaker
Contributor

Hi @HeikoAnkenbrand ,

Thanks for the help, I will try this.

Is this for HTTPS and SSH as well? Is there's SK document for this one?

Thanks

0 Kudos
HeikoAnkenbrand
Champion
Champion

Hi @G_W_Albrecht ,

this sk is only for gatways not for SMS.

sk126613: Cipher configuration tool for R80.x Gateways

Regards

Heiko

0 Kudos
G_W_Albrecht
Legend
Legend

Yes, very true ! It is the two other SKs that concern pure SMS.

0 Kudos