
Does the OpenSSL vulnerability CVE-2015-4000 affect ITMS versions 7.5 or 7.6, and if so, how can the effect be mitigated?


Article ID: 162027


Updated On:


IT Management Suite


A new OpenSSL vulnerability has been found; it is described in the following articles:


Note that this issue affects ITMS 7.5 and ITMS 7.6 in scenarios where the Symantec Management Agent establishes an HTTPS connection to a server that supports EXPORT ciphers.
  • According to Microsoft's "Cipher Suites in Schannel" article, EXPORT ciphers are disabled by default on Windows 2008 and newer, but administrators may want to double-check that they were not enabled manually.
  • Site servers that are installed on Windows 2003 or on a Linux platform with Apache 2.2 may be affected, because the Apache 2.2 default configuration enables EXPORT ciphers.
  • The CEM Internet Gateway is affected by this issue because it uses Apache 2.2.


The solution is to disable EXPORT ciphers on all servers in the environment.
  • See Microsoft’s article on how to do this on Windows computers.
  • The suggestion below works for Apache servers (Linux Package Servers and the CEM Internet Gateway):
    Add !EDH to the SSLCipherSuite option in the SSL section of the Apache config file.
    Example: SSLCipherSuite <existing cipher list>:!EDH
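
The check below is an added example, not part of the original article or of any Symantec tooling: a static audit that reads Apache configuration text and reports whether each active SSLCipherSuite directive excludes ephemeral-DH (!EDH) or EXPORT suites. The function names and the sample configuration are constructed for illustration, and the check inspects the cipher string only; it does not expand it the way OpenSSL does.

```python
import re

# OpenSSL cipher-string keywords; a leading "!" removes suites permanently.
KILL_DHE = {"!EDH", "!DHE", "!kEDH", "!kDHE", "!DH"}
KILL_EXPORT = {"!EXP", "!EXPORT"}
DIRECTIVE = re.compile(r"^\s*SSLCipherSuite\s+(.+?)\s*$", re.IGNORECASE)

# Constructed sample configuration (not taken from a real server).
SAMPLE_BEFORE = """\
<VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    # SSLCipherSuite HIGH:!EDH
</VirtualHost>
"""
# The same file after appending !EDH as the article suggests.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("+EXP\n", "+EXP:!EDH\n")

def audit_cipher_suites(config_text):
    """One finding per active SSLCipherSuite directive (static check only)."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives have no effect
        match = DIRECTIVE.match(line)
        if not match:
            continue
        spec = match.group(1).strip("\"'")
        tokens = set(re.split(r"[:, ]+", spec))
        findings.append({
            "line": lineno,
            "spec": spec,
            "dhe_disabled": bool(tokens & KILL_DHE),
            "export_disabled": bool(tokens & KILL_EXPORT),
        })
    return findings

def needs_attention(config_text):
    """True if no directive is set (server defaults apply) or a directive
    excludes neither ephemeral-DH nor EXPORT suites."""
    findings = audit_cipher_suites(config_text)
    if not findings:
        return True
    return any(not (f["dhe_disabled"] or f["export_disabled"]) for f in findings)

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, needs_attention(text), audit_cipher_suites(text))
```

A file with no SSLCipherSuite directive is reported as needing attention because the server then falls back to its default cipher configuration.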
Note that there is a new version of OpenSSL available in some of the ITMS pointfixes and hotfixes. For more information, see the following article: