Can Smart Connector 8.1 be used with ESM 6.11?

The support matrix is very unclear about what products can be used with various versions of ESM. Does anyone know if Connector 8.1 can be used with ESM 6.11? We do not have a 6.11 ESM on our site but some of our customers do and we can't just install on their site to test.

Knowledge Partner
I can just answer this question for Connector FW version 8.0 and ESM 6.9.1.
To make it work with ESM 6.9.1 I had to add this line to agent.properties:

ssl.cipher.suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA

I took my information from the "6.9.1c GA admin guide"; there was a section:

Cipher suite

A set of authentication, encryption, and data integrity algorithms used for securely exchanging data between an SSL server and a client.

Depending on FIPS mode settings, some of the following cipher suites are automatically enabled for ESM and its clients:
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA

The cipher suites that are enabled are configured by ArcSight Wizards in property files. Although in most cases you do not need to change the cipher suites, you can configure them in the corresponding properties file for an ArcSight component:

| Component | Property File | Property |
|---|---|---|
| Manager | config/server.properties | servletcontainer.jetty311.socket.https.ciphersuites |

Knowledge Partner

The ESM 6.11 Admin guide explains:

FIPS 140-2
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA
Note: These are the same ciphersuites as are used for non-FIPS mode.

FIPS Suite B
In 192 bit mode, the following 192-bit ciphersuites are supported.
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

In 128 bit mode, the following 128-bit ciphersuites are supported.
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Knowledge Partner

And this is from the 8.1 agent.defaults.properties. I think you will be able to manage the right combinations from here.

# Cipher suites allowed for outgoing SSL connections.
#
# The following cipher suites are supported:
#
#   SSL_RSA_WITH_RC4_128_MD5
#   SSL_RSA_WITH_RC4_128_SHA
#   TLS_RSA_WITH_AES_128_CBC_SHA
#   TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#   TLS_DHE_DSS_WITH_AES_128_CBC_SHA
#   SSL_RSA_WITH_DES_CBC_SHA
#   SSL_DHE_RSA_WITH_DES_CBC_SHA
#   SSL_DHE_DSS_WITH_DES_CBC_SHA
#   SSL_RSA_EXPORT_WITH_RC4_40_MD5
#   SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
#   SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
#   SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
#   SSL_RSA_WITH_NULL_MD5
#   SSL_RSA_WITH_NULL_SHA
#   SSL_DH_anon_WITH_RC4_128_MD5
#   TLS_DH_anon_WITH_AES_128_CBC_SHA
#   SSL_DH_anon_WITH_DES_CBC_SHA
#   SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
#   SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
#
ssl.cipher.suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256
# In FIPS mode
ssl.fips.cipher.suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ssl.fips.suiteb.128.cipher.suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ssl.fips.suiteb.192.cipher.suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

 

 

I assume your question is not answered in the direction you wanted it to be answered, aka can the Framework still feed events to an old ESM?

8.0 could feed 6.9.1 with those adjustments.


KR

A

Knowledge Partner

Error [com.arcsight.common.b.m: Couldn’t connect to ArcSight Manager: <manager_name> (proxy: [none]) Received fatal alert: handshake_failure]

is the error you would see in the logs.

0 Likes
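The mismatch discussed in the posts above, as an added example that is not part of the original thread and not ArcSight code: it intersects the connector's ssl.cipher.suites value with the manager-side lists quoted from the admin guides. It assumes those quoted lists are what each manager actually accepts; the function names are illustrative.

```python
# Added example; suite lists are copied from the posts in this thread.
# Function names are illustrative, not part of any ArcSight tooling.

def parse_suites(props_text, key="ssl.cipher.suites"):
    """Suites assigned to `key`; like java.util.Properties, the last assignment wins."""
    suites = []
    for line in props_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # blank line, comment, or not a key=value pair
        name, _, value = line.partition("=")
        if name.strip() == key:
            suites = [s.strip() for s in value.split(",") if s.strip()]
    return suites

def common_suites(client, server):
    """Suites both ends allow, in client order. Empty list: handshake_failure."""
    return [s for s in client if s in set(server)]

def caveats(suite):
    """Well-known weaknesses implied by the suite name."""
    notes = []
    if suite.startswith("TLS_RSA_"):
        notes.append("static RSA key exchange, no forward secrecy")
    if suite.endswith("_CBC_SHA"):
        notes.append("CBC mode with HMAC-SHA1")
    if "3DES" in suite:
        notes.append("64-bit block cipher")
    return notes

# Manager side, as quoted from the 6.9.1 and 6.11 admin guides above.
ESM = {
    "6.9.1": ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
              "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"],
    "6.11": ["TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"],
}
# Connector side: the 8.1 default line and the agent.properties override above.
GCM = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256"
CONNECTOR = {
    "default": "#   TLS_RSA_WITH_AES_128_CBC_SHA\nssl.cipher.suites=" + GCM,
    "override": "ssl.cipher.suites=" + GCM + ",TLS_RSA_WITH_AES_128_CBC_SHA",
}

def report():
    """Map (connector config, ESM version) to the suites they share."""
    return {(c, e): common_suites(parse_suites(text), server)
            for c, text in CONNECTOR.items() for e, server in ESM.items()}

if __name__ == "__main__":
    for (conf, esm), shared in report().items():
        print(f"{conf:8} -> ESM {esm}: {shared or 'NO COMMON SUITE'}")
        for s in shared:
            print(f"    {s}: {'; '.join(caveats(s)) or 'no caveat flagged'}")
```

Where the only shared suite is TLS_RSA_WITH_AES_128_CBC_SHA, the override trades forward secrecy and AEAD for compatibility, so it is worth limiting to the connectors that talk to the older manager.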
Micro Focus Expert

Hey brettpladna,

Please check the release notes. They state exactly what vitz1 already explained in great detail.

In connector release 8 and forward, the support for some of the crypto material has been changed.

So ESM and the connectors work with each other, but you need to make sure (by the configuration settings vitz1 has highlighted) that they both use the same crypto standards.

HTH,

t00r

P.S.: Please make sure to mark the appropriate post as solution and/or like it, so others in the community can more easily find solutions to similar problems.

Thanks all and stay safe.

Vice Admiral


Customer: ESM v6.11p4 ; SC v7.14

The question was: is SC v8.1 compatible and/or supported for use in conjunction with ESM v6.11p4 (non-FIPS)?

The latest matrix has everything blanked out beyond ESM v7.2p1

And the release notes do not address the question.

If there is documentation that exists on this site stating so or otherwise, that's what the goal is. "Does MF support the use of SC 8.1 > ESM 6.11p4?" Yes/No

Thank you

 

Knowledge Partner
Can be used? Yes
Will it work? Yes, if you change the cipher settings.
Supported? Unclear, as default settings prevent FW >=8 from connecting to at least 6.9.1 and probably 6.11.
Will it work? Yes, if you change the cipher settings.

0 Likes

That's fine. If you're going to have a support matrix to help with what to install and not to install, then be clear in it. That's all I am saying. I shouldn't have to go through 3 or more documents to get an answer every time there is an update to a product.
