To disable Secure Hash Algorithm SHA (v1)
The instructions in KB article below can be used in this case with minor modifications to accomplish the task of disabling SHA (v1)
489217 : Smarts SAS: Security Vulnerability for Disabling "RC4" Cipher (CVE-2015-2808) https://support.emc.com/kb/489217
EMC recommends to use the below set of strong ciphers and not include RC4 in SM_TLS_SUITE_LIST for TLS communication. This also will disable SHA (v1) as well The following procedure has to be followed for disabling RC4 algorithm and specifying a strong cipher suite in EMC Smarts 9.4 Service Pack 2 release: 1. For each Domain Manager installation and for the SAM Console, SM_TLS_SUITE_LIST environment variable needs to be added to the runcmd_env.sh file.
- From the <BASEDIR>/smarts/bin directory, enter the command below:
- sm_edit local/conf/runcmd_env.sh
- SM_TLS_SUITE_LIST=AES256-GCM-SHA384:AES128-GCM-SHA256 (A colon (:) separated values can be used to specify multiple cipher suites)
- If a single cipher needs to be specified then it would be SM_TLS_SUITE_LIST=AES256-GCM-SHA384
- Save and close the file.
- Restart the Manager.
|
Smarts Supports SHA 2, specifically: SHA256 and SHA384.
See the notes below for a general explanation.