Highlighted
Super Contributor.
Super Contributor.
339 views

ArcMC 2.93 TLS Change

I performed this update on an existing appliance and noticed that TLSv1 and TLSv1.1 were removed from multiple locations (see list below).  I re-reviewed the Release Notes and did not see this documented.  This can impact you if you are running older versions of ArcSight products.

 

Files:

/opt/arcsight/arcmc/bin/scripts/web.sh

/opt/local/apache/conf/httpd.conf

/opt/arcsight/arcmc/config/logger/logger.defaults.properties

 

Based upon the document (https://softwaresupport.softwaregrp.com/doc/KM03252336?fileName=TLS_1.2_for_ArcSight_Products_TechNote.pdf) these changes are to only support TLSv1.2.  This document lists the minimum product versions required.

5 Replies
Highlighted
Community Manager Community Manager
Community Manager

Re: ArcMC 2.93 TLS Change

Thank you for sharing this information! I forwarded your post to our ArcSight documentation team asking them to look into this finding!

0 Likes
Highlighted
Regular Contributor.
Regular Contributor.

Rif.: ArcMC 2.93 TLS Change

Consider that the same thing goes for Logger 7.0 that forces TLS 1.2. I realized this because older versions of SmartConnector can't communicate no more (error "javax.net.ssl.SSLException: Received fatal alert: protocol_version").

0 Likes
Highlighted
Community Manager Community Manager
Community Manager

Rif.: ArcMC 2.93 TLS Change

thank you once more for additional information!

0 Likes
Highlighted
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Rif.: ArcMC 2.93 TLS Change

Hello.Thanks for your information.

Unfortunately, we were unable to gather this information prior to execute an upgrade with a customer. They have SmartConnectors version 7.3 and just upgrades to Logger 7.0. So we are facing the same error with most of the connectors.

javax.net.ssl.SSLException: Received fatal alert: protocol_version

There is any way to configure Logger to support other protocol versions rather than TLSv1.2? This might be a workaround while our customer updates the SmartConnectors?

Regards, Andres.

0 Likes
Highlighted
Regular Contributor.
Regular Contributor.

Rif.: ArcMC 2.93 TLS Change

Hi,

 

just try to set this value on agent.properties:

 

ssl.protocols=TLSv1.2,TLSv1.1,TLSv1

 

Please let me know if that worked for you.

Bye

 

Alex

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.