Micro Focus Expert
Micro Focus Expert
390 views

Managing Operations Agent ciphers

Hi,

Is there a way to manage and control the allowed ciphers for Operations Agent v12?

I am working in an environment where certain ciphers are not allowed, but can't find how to change the cipher settings for the agents.

Thanks and regards,

Tim

0 Likes
1 Reply
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Managing Operations Agent ciphers

Hello Tim,

Yes, for example:

[sec.core.ssl]
SSL_CIPHER_LIST=HIGH:MEDIUM:!DH:!ADH:!SSLv2:+SHA:!MD5:+RSA:+DSS:!RC4:+IDEA:!RC2:+DES:!3DES:!SEED-SHA

 While at it you might also want to set COMM_PROTOCOL in the same name space, e.g.:
ovconfchg -ns sec.core.ssl -set COMM_PROTOCOL TLSv1.2

See the Agent Reference Guide for more information about those two settings.

Also, this link may be helpful with information about openssl ciphers:
https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html

Some Notes:
You need OA 11.15 or OA 12 (or later for this to have an effect).
By restricting ciphers and protocols on one agent or server, older agents or servers with old L-Core version may not be able to communicate to such an agent or server any more.

Best regards,
Tobias

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.