I have a requirement from my security department to not use SSLv3 anymore in UIM hub-to-hub communications. I have to use TLS 1.2. In researching and in an earlier open case I understand I have to delete my current tunnels and create new tunnels that only use TLS 1.2. I can't find any Broadcom documentation on exactly how to do this. Everything seems to say create tunnels using TLS 1.2 but use SSLv3 as a fallback. I can't do this. Plus, I can't see any instructions on exactly how to create a TLS 1.2 tunnel. For example, what cipher settings should I use that specify TLS 1.2 only? What setting should I use in the Hub configuration to eliminate SSLv3? Please provide exact instructions on how to create Hub-to-Hub tunnels using TLS 1.2 only.
Release : 20.3
Component : UIM - HUB
- Guidance
Set the tunnel cipher list to the following OpenSSL cipher string:
`AESGCM:!aNULL`
This makes the tunnels 'PCI Compliant' and forces TLS 1.2-only tunnels: the AES-GCM cipher suites selected by `AESGCM` are defined only for TLS 1.2 and later, so a peer that offers SSLv3, TLS 1.0 or TLS 1.1 has no cipher suite in common with the hub and the handshake fails. `!aNULL` additionally removes anonymous (unauthenticated) suites from the list. Note that the hub is not configured with a protocol setting such as "TLS 1.2"; the cipher list alone is what restricts the protocol.
To apply this to the tunnel configuration, use the following steps. The result also passes PCI, since only TLS 1.2 can be negotiated.
This works for hub version 7.93 or higher.
1. In IM, open the hub GUI
2. Click on the Tunnels Tab
3. Make sure Server 'Active' is checked if this hub is the Tunnel Server
4. Under Security Settings click 'Custom'
5. In the Custom box enter the following cipher string: "AESGCM:!aNULL"
6. It is recommended to recreate the SSL certificate if one already exists.
After the hub is restarted, examine the hub.log: when the tunnels are initialized you will see a message to the effect of starting Tunnels with TLS Enabled.
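The following script is an added example, not part of the Broadcom article or of the UIM hub itself. It shows why the `AESGCM:!aNULL` string excludes SSLv3 and pre-1.2 TLS: it asks the local OpenSSL (via Python's `ssl` module) which cipher suites that string selects and confirms that every TLS 1.2 suite is AES-GCM and none is usable by an SSLv3/TLS 1.0/TLS 1.1 peer. It also includes an optional live probe that attempts a handshake at each TLS version against a tunnel server; the default tunnel port 48003 and the assumption that the tunnel port accepts a direct TLS handshake are assumptions for this example and should be checked against your hub configuration. SSLv3 itself cannot be probed from a modern OpenSSL build, so the probe covers TLS 1.0, 1.1 and 1.2; a correctly configured tunnel accepts only the last.

```python
"""Check the OpenSSL cipher string used for a UIM hub tunnel and,
optionally, probe a tunnel server port for accepted TLS versions.

Added example for the article above; not Broadcom or UIM hub code.
"""
import socket
import ssl
import sys

# Cipher string the article tells you to put in the tunnel "Custom" box.
TUNNEL_CIPHERS = "AESGCM:!aNULL"

# Protocol labels OpenSSL attaches to cipher suites. AES-GCM suites are
# TLS 1.2-only (RFC 5288); suites that SSLv3/TLS 1.0/TLS 1.1 peers can
# use are labelled "SSLv3" by OpenSSL.
TLS12_OR_LATER = {"TLSv1.2", "TLSv1.3"}

# Assumed default hub tunnel port (check your hub configuration).
DEFAULT_TUNNEL_PORT = 48003


def suites_for(cipher_string):
    """Return (name, protocol) for every suite OpenSSL selects for the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    # OpenSSL 1.1.1+ also lists TLS 1.3 suites here; those are governed
    # separately from the classic cipher string, so they do not weaken
    # the "nothing below TLS 1.2" property being checked.
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def pre_tls12_suites(cipher_string):
    """Suites in the list that an SSLv3/TLS 1.0/TLS 1.1 peer could negotiate.

    An empty result means the string forces TLS 1.2 or later.
    """
    return [name for name, proto in suites_for(cipher_string)
            if proto not in TLS12_OR_LATER]


def non_gcm_tls12_suites(cipher_string):
    """TLS 1.2 suites in the list that are not AES-GCM (should be none)."""
    return [name for name, proto in suites_for(cipher_string)
            if proto == "TLSv1.2" and "GCM" not in name]


def probe_tunnel(host, port, version, timeout=5.0):
    """Attempt a handshake at exactly one TLS version.

    Returns (True, negotiated cipher) on success, (False, reason) otherwise.
    Hub tunnel certificates are normally self-signed, so verification is
    disabled: this tests the protocol, not the peer's identity.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
        # Offer every suite the local OpenSSL has (security level 0 lets
        # it speak TLS 1.0/1.1) so that a refusal comes from the server.
        ctx.set_ciphers("ALL:@SECLEVEL=0")
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock) as tls:
                return True, tls.cipher()[0]
    except (ssl.SSLError, OSError, ValueError) as exc:
        return False, str(exc)


def verify_tls12_only(host, port=DEFAULT_TUNNEL_PORT):
    """Probe TLS 1.0, 1.1 and 1.2; a compliant tunnel accepts only 1.2."""
    results = {
        "TLSv1.0": probe_tunnel(host, port, ssl.TLSVersion.TLSv1),
        "TLSv1.1": probe_tunnel(host, port, ssl.TLSVersion.TLSv1_1),
        "TLSv1.2": probe_tunnel(host, port, ssl.TLSVersion.TLSv1_2),
    }
    compliant = (results["TLSv1.2"][0]
                 and not results["TLSv1.0"][0]
                 and not results["TLSv1.1"][0])
    return compliant, results


if __name__ == "__main__":
    print("Suites selected by %r:" % TUNNEL_CIPHERS)
    for name, proto in suites_for(TUNNEL_CIPHERS):
        print("  %-32s %s" % (name, proto))
    print("Usable below TLS 1.2:", pre_tls12_suites(TUNNEL_CIPHERS) or "none")
    if len(sys.argv) > 1:
        ok, res = verify_tls12_only(sys.argv[1])
        for ver, (accepted, detail) in res.items():
            print("%s: %s (%s)" % (ver, "accepted" if accepted else "rejected", detail))
        print("TLS 1.2-only:", ok)
```

Run it with no arguments to see the suite list your OpenSSL derives from `AESGCM:!aNULL`; run it with a tunnel server hostname to probe the configured port. Treat the offline check as a sanity check of the cipher string, and the live probe (or `openssl s_client` with `-tls1`, `-tls1_1` and `-tls1_2` against the same port) as the evidence for your security department.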
Enabling TLS on UIM Hubs
https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=807742
POODLE vulnerability: Disabling SSL v3 on the Nimsoft Hub
https://knowledge.broadcom.com/external/article/34613