Reduce the cipher security in 7.3.1

Article ID: 169864

Products

Security Analytics

Issue/Introduction

I need to reduce the cipher security in 7.3.1 to match the capabilities of the OpenVPN release in 7.2.x.

This is required if you are running different versions on the CMC and the sensors.

 

Resolution

To remove the upgraded cipher requirement, comment out the following two lines in /etc/openvpn/server.conf of the CMC and the /etc/openvpn/client0.conf of the sensors running on 7.3.1. 

The lines to comment out are:
cipher AES-128-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

And should look like this when done:
# cipher AES-128-CBC
# tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
 
Once the files are updated, restart the solera-openvpn service on both the CMC and the sensors. They should connect again within a minute or so.
#  service solera-openvpn restart 

To refresh the browser's cache on the CMC, run the command 'redis-cli -p 6378 flushall'. This will force the CMC to update your browser page with the current status.
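
The edit described above can be scripted so that it is repeatable and leaves a backup for restoring the original lines later. This is an added example, not vendor code; the function names, the backup suffix and the sample file content are assumptions. It comments out only the two directives named in this article, and the service restart is still done as shown above.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the backup suffix are assumptions.

# The two directives the article says to comment out, as one ERE group.
DIRECTIVES='(cipher[[:space:]]+AES-128-CBC|tls-cipher[[:space:]]+TLS-DHE-RSA-WITH-AES-256-GCM-SHA384)'

# Print how many of the two directives are still active (uncommented) in FILE.
active_cipher_lines() {
    grep -Ec "^[[:space:]]*${DIRECTIVES}[[:space:]]*\$" "$1" || true
}

# Back up FILE, then prefix "# " to each active directive. Lines that are
# already commented, and any other cipher setting, are left untouched.
comment_out_ciphers() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    if [ "$(active_cipher_lines "$conf")" -eq 0 ]; then
        echo "$conf: nothing to change"
        return 0
    fi
    cp -p "$conf" "$conf.bak-$(date +%Y%m%d%H%M%S)" || return 1
    tmp=$(mktemp) || return 1
    if sed -E "s/^[[:space:]]*${DIRECTIVES}[[:space:]]*\$/# \\1/" "$conf" > "$tmp"; then
        cat "$tmp" > "$conf"    # write in place so owner and mode are kept
    fi
    rm -f "$tmp"
    echo "$conf: $(active_cipher_lines "$conf") directive(s) still active"
}

# Demo on a constructed sample file (not a real Security Analytics config).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'port 1194' 'cipher AES-128-CBC' \
        '  tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384' 'verb 3' > "$dir/server.conf"
    comment_out_ciphers "$dir/server.conf" && cat "$dir/server.conf"
    rm -rf "$dir"
}

# With no arguments run the demo; otherwise treat each argument as a config file,
# e.g. /etc/openvpn/server.conf on the CMC or /etc/openvpn/client0.conf on a sensor.
if [ "$#" -eq 0 ]; then
    demo
else
    for f in "$@"; do comment_out_ciphers "$f"; done
fi
```

Running it a second time on the same file changes nothing, and the .bak copy holds the original directives.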