Management Services SSL protocol version is not migrated to 7.2 from 6.7.4
search cancel

Management Services SSL protocol version is not migrated to 7.2 from 6.7.4

book

Article ID: 212702

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Enabled or disabled SSL protocol version of the Management Service are not migrated when it is upgraded to 7.2.x from 6.7.4.x.

  • Current 6.7.4.x's SSL Protocol version is setup only available tlsv1.2.
  • Run the migrate command remove-sgos7-config

After upgrade show management-services command display all 3 protocol version unexpectedly.

Blue Coat SG-VA Series#show management-services
Service Name:   HTTP-Console
Service:              HTTP-Console
Attributes:           <None>
..
SSL Protocol version: tlsv1.1 tlsv1.2 tlsv1.3

 

Environment

Release : SGOS7.2.x 

Component : Management

Cause

The SGOS 7.2.3.5 and earlier has issue if run the migrate upgrade scenarios.

If the appliance was never upgraded to 7.2.x or 7.3.x previously, upgrading to this release will preserve the previous ciphers selection and enable TLS 1.3 by default. 

To apply the fix if the appliance was previously upgraded to 7.2.x or 7.3.x, you must remove the existing SGOS 7.x configuration before upgrading. 

Issue the #remove-sgos7-config command, restart the appliance, and then install this release.

Resolution

SGOS7.2.3.6 has fix for unexpected migration behavior.

Upgrade from SGOS6.7.4 to SGOS7.2.3.6.

 

Additional Information

The sample of upgrade process.

eg: configure it on 6.7.4.13
#(config management-services)attribute ssl-versions tlsv1.2

Warning: This operation could result in a change of cipher suite.
ok
#(config management-services)view
Service Name: HTTP-Console
Service: HTTP-Console
Attributes: <None>
..
SSL Protocol version: tlsv1.2    << only tls1.2 is enabled.


eg: Upgrade to 7.2.3.1 as following proper procedure. 
#remove-sgos7-config
Removing SGOS 7.x configuration will permanently delete existing 7.x.x configuration from disk.
Continue? (y/n)[n]: y
Removing SGOS 7.x configuration ...

restart

Booting Version: SGOS 7.2.3.1, Release id: 254850
Executing image: Version: SGOS 7.2.3.1, Release id: 254850

==== Completed Major version system upgrade (sg6 to sg7).

#show management-services
Service Name: HTTP-Console
Service: HTTP-Console
Attributes: <None>
..
SSL Protocol version: tlsv1.1 tlsv1.2 tlsv1.3   << all 3 protocols are enabled.