Smarts: How to Disable SHA (v1) for Smarts Broker and Server Communication

Article ID: 332172

Updated On:

Products

VMware Smart Assurance

Environment

VMware Smart Assurance - SMARTS

Resolution

To disable Secure Hash Algorithm SHA (v1), the instructions in the KB article below can be used with minor modifications:

489217: Smarts SAS: Security Vulnerability for Disabling "RC4" Cipher (CVE-2015-2808) https://support.emc.com/kb/489217

EMC recommends using the set of strong ciphers below and not including RC4 in SM_TLS_SUITE_LIST for TLS communication. This will also disable SHA (v1).

The following procedure must be followed to disable the RC4 algorithm and specify a strong cipher suite in the EMC Smarts 9.4 Service Pack 2 release:

1. For each Domain Manager installation and for the SAM Console, the SM_TLS_SUITE_LIST environment variable needs to be added to the runcmd_env.sh file.
  • From the <BASEDIR>/smarts/bin directory, enter the command below:
    sm_edit local/conf/runcmd_env.sh
  • Add the line below. Multiple cipher suites are specified as colon (:) separated values:
    SM_TLS_SUITE_LIST=AES256-GCM-SHA384:AES128-GCM-SHA256
  • If only a single cipher needs to be specified, the line would be SM_TLS_SUITE_LIST=AES256-GCM-SHA384
  • Save and close the file.
  • Restart the Manager.

Smarts supports SHA-2, specifically SHA256 and SHA384.
See the notes below for a general explanation.
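
As an added example (not part of the original article or of any VMware/EMC tooling), the shell functions below check the SM_TLS_SUITE_LIST value in a runcmd_env.sh file for suites that use RC4, MD5 or a SHA-1 MAC. They assume OpenSSL-style suite names, in which a name ending in -SHA denotes SHA-1, and a plain NAME=value assignment as shown in the procedure above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit SM_TLS_SUITE_LIST for suites relying on RC4, MD5 or SHA-1.
# Assumption: OpenSSL-style suite names, as in the values shown in this article.

# Print the last SM_TLS_SUITE_LIST value assigned in the file given as $1.
get_suite_list() {
    sed -n 's/^[[:space:]]*SM_TLS_SUITE_LIST=//p' "$1" | tail -n 1 | tr -d "\"' "
}

# Print every weak suite found in a colon-separated list, one per line.
weak_suites() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r suite; do
        case "$suite" in
            '')    ;;                          # ignore empty entries
            *RC4*) echo "$suite (RC4)" ;;
            *-MD5) echo "$suite (MD5)" ;;
            *-SHA) echo "$suite (SHA-1)" ;;    # -SHA256/-SHA384 do not match
        esac
    done
}

# Return 0 if the list is set and clean, 1 if it contains a weak suite,
# 2 if the variable is not set in the file at all.
audit_file() {
    list=$(get_suite_list "$1")
    if [ -z "$list" ]; then
        echo "SM_TLS_SUITE_LIST is not set in $1"
        return 2
    fi
    weak=$(weak_suites "$list")
    if [ -n "$weak" ]; then
        echo "Weak suites in $1:"
        echo "$weak"
        return 1
    fi
    echo "OK: $list"
}

# Constructed sample input (not a real Smarts configuration file).
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'SM_TLS_SUITE_LIST=AES256-GCM-SHA384:AES128-SHA:RC4-SHA' > "$sample"
audit_file "$sample" || true
rm -f "$sample"
```

Run audit_file against the runcmd_env.sh of each Domain Manager installation and the SAM Console after editing it; an exit status of 2 means the variable was never added to that file.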

Additional Information

  • SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
  • SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standard, known as SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These were also designed by the NSA.