Reduce the cipher security in 7.3.1


Article ID: 169864


Updated On:


Security Analytics


I need to to reduce the cipher security in 7.3.1 match the capabilities of the openvpn release in 7.2.x. 

This is required if you are running different version between CMC and sensors.



To remove the upgraded cipher requirement, comment out the following two lines in /etc/openvpn/server.conf of the CMC and the /etc/openvpn/client0.conf of the sensors running on 7.3.1. 

The lines to comment out are:
cipher AES-128-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

And should look like this when done:
# cipher AES-128-CBC
# tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
Once the files are updated, restart the solera-openvpn service on both CMC and sensors  They should connect again within a minute or so. 
#  service solera-openvpn restart 

To refresh the browsers cache on the CMC, run the command 'redis-cli –p 6378 flushall'.  This will force the CMC to update your browser page with the current status.