Can Hub Tunnel encryption use TLS v1.2 only? We want to eliminate the use of the SSL v3.0 protocol in our communications because of the known vulnerabilities in the SSL protocol.
UIM any release
Answer:
- Yes. If you select any of the TLS v1.2 ciphers published on the OpenSSL.org site (https://www.openssl.org/docs/man1.0.2/apps/ciphers.html), all communication will be encrypted using the corresponding algorithm and transported via the corresponding protocol, in this case TLS.
- If you check the hub logs, you will see some references to the SSL library:
Sep 7 11:29:48:956 [12132] hub: SSL using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
However, note the level of encryption and the protocol shown in the log message, because they identify the technology that is actually being used:
Sep 7 11:29:48:956 [12132] hub: SSL using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
- It is also recommended to check the hub release notes, available at the following link: https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/hub/hub-release-notes.html
- If you need information about how to use a cipher in order to encrypt hub communications to a certain level, please check: https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/hub/hub-im-configuration/hub-im-gui-reference.html
[Screenshot: the exact location where the cipher has to be entered]
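To confirm from the hub log that only TLS v1.2 ciphers are in use after the change, the "SSL using cipher" lines can be checked automatically. The following is an added example, not part of the original article or the product: it assumes the log line layout quoted above, and the second and third sample lines are constructed for illustration.

```python
import re

# Field layout taken from the single hub log line quoted in this article:
#   hub: SSL using cipher: <cipher> <protocol> Kx=.. Au=.. Enc=.. Mac=..
CIPHER_LINE = re.compile(
    r"hub: SSL using cipher: (?P<cipher>\S+)\s+(?P<proto>\S+)\s+"
    r"Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)

ALLOWED_PROTOCOLS = {"TLSv1.2"}  # policy from the question: TLS v1.2 only


def parse_cipher_line(line):
    """Return the cipher fields of a hub log line, or None if it is not one."""
    m = CIPHER_LINE.search(line)
    return m.groupdict() if m else None


def audit_hub_log(lines, allowed=ALLOWED_PROTOCOLS):
    """Split cipher log records into (compliant, violations) by protocol field."""
    compliant, violations = [], []
    for line_no, line in enumerate(lines, 1):
        rec = parse_cipher_line(line)
        if rec is None:
            continue  # unrelated log message
        rec["line_no"] = line_no
        (compliant if rec["proto"] in allowed else violations).append(rec)
    return compliant, violations


# First line is the one quoted in the article; the other two are constructed.
SAMPLE_LOG = [
    "Sep 7 11:29:48:956 [12132] hub: SSL using cipher: DHE-RSA-AES256-GCM-SHA384 "
    "TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD",
    "Sep 7 11:30:02:114 [12132] hub: SSL using cipher: DHE-RSA-AES256-SHA "
    "SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1",
    "Sep 7 11:30:05:301 [12132] hub: unrelated message",
]

if __name__ == "__main__":
    ok, bad = audit_hub_log(SAMPLE_LOG)
    print(f"{len(ok)} compliant, {len(bad)} non-compliant cipher line(s)")
    for rec in bad:
        print(f"  line {rec['line_no']}: {rec['cipher']} reported as {rec['proto']}")
```

Any record returned in the violations list means a cipher outside the TLS v1.2 set is still configured or being negotiated on that tunnel.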