candaced

Absent Member.
2017-04-04
18:39
678 views
Mobility Service Vulnerabilities
Just installed my third party certificates onto the Mobility server. My supplier Thawte says my server is vulnerable on two fronts.
It is vulnerable to a BEAST attack and it uses the RC4 cipher algorithm.
I found this Cool Solution https://www.novell.com/communities/coolsolutions/novell-datasync-server-ssl-beast-vulnerability/
BUT it is for Data Synchronizer not Mobility. There is no access to the connector xml from the web admin. So I think I found the connector xml at /etc/datasync/configengine/engines/default/pipelines/pipeline1/connectors/mobility BUT these tags don't exist
<sslMethod>value</sslMethod>
<sslCiphers>list</sslCiphers>
Do I just add them?
I also found this forum thread,
https://forums.novell.com/showthread.php/406194-Disable-weak-ciphers-and-SSL2-0
but there is no notice of the issue being resolved.
It is also running TLS1.0 and the certificate authority recommends TLS1.2.
I am running Version: 14.2.0 Build: 279
2 Replies
candaced

Absent Member.
2017-04-05
17:37
I opened a ticket with support. They said:
2014 R2 SP1 Hot Patch 3 does not have the BEAST or RC4 vulnerabilities.
To fix TLS issues I have to upgrade to SLES12


Knowledge Partner
2017-04-05
20:31
In article <candaced.7whman@no-mx.forums.microfocus.com>, Candaced wrote:
> 2014 R2 SP1 Hot Patch 3 does not have the BEAST or RC4 vulnerabilities.
> To fix TLS issues I have to upgrade to SLES12
Might you have Apache also running on the system at default settings?
That could be what is being detected.
Also for more such cipher 'fun' https://ideas.microfocus.com/MFI/novell-gw/Idea/Detail/1533
Thank you for your feedback as that helps us all.
Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!
GMS troubleshooting tips at http://www.konecnyad.ca/andyk/gwmobility.htm
___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
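Added example, not part of the original thread and not vendor code: a per-port check for the findings discussed above (RC4, BEAST, TLS older than 1.2), so that the listener a scanner is flagging can be told apart from others on the same host. The host name and port list are placeholders, and the function names are hypothetical.

```python
import socket
import ssl

LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

def classify(version, cipher):
    """Map a negotiated (protocol, OpenSSL cipher name) to the thread's findings."""
    findings = []
    if "RC4" in cipher:
        findings.append("RC4")
    # BEAST needs a CBC cipher under SSLv3/TLS 1.0. Those versions have no AEAD
    # suites, so anything that is not RC4 or NULL there is a CBC block cipher.
    elif version in ("SSLv3", "TLSv1") and "NULL" not in cipher:
        findings.append("BEAST")
    if version in LEGACY:
        findings.append("pre-TLS1.2")
    return findings

def probe(host, port, timeout=5.0):
    """Offer only TLS 1.0 and return (version, cipher), or None if refused."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False          # auditing the protocol, not the cert
        ctx.verify_mode = ssl.CERT_NONE
        ctx.minimum_version = ssl.TLSVersion.TLSv1
        ctx.maximum_version = ssl.TLSVersion.TLSv1
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # allow legacy suites the local build has
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except (OSError, ValueError):           # refused, unreachable, or unsupported locally
        return None

def audit(host, ports):
    """Per-port findings, so the flagged listener can be identified."""
    report = {}
    for port in ports:
        result = probe(host, port)
        report[port] = classify(*result) if result else []
    return report

if __name__ == "__main__":
    # Placeholder host and ports: substitute the listeners on your own server.
    for port, findings in audit("mobility.example.com", [443, 8443]).items():
        print(port, findings or "TLS 1.0 handshake refused")
```

Many current OpenSSL builds ship without RC4, so a refused handshake from such a client does not by itself show that the server has RC4 disabled.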