search cancel

Is there a way I can disable SSLv2 on my Audit nodes running iGateway? It is showing up as a vulnerability.

book

Article ID: 54185

calendar_today

Updated On:

Products

CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

Description:

The iGateway is a shared component among several different CA products. The updated version of iGateway has not been certified with all CA products. Please check with the individual CA products that you have installed on your machine before applying this new version of iGateway.

Note: This document assumes that you are only running CA Audit on a particular machine with no other CA products.

Solution:

Gateway version 4.5.0.7 and later provides support for disabling SSLV2. SSLv2 is the default setting for iGateway.

CA recommends only using iGateway 4.5 or above with Audit version R8 SP1 CR3. Please make sure that you check any other CA products that use the iGateway components on a particular machine and verify that component is supported with iGateway 4.5.

Should you have to upgrade Audit to install the updated iGateway, be aware that the Audit server components of Data Tools and Policy Manager should be upgraded before any Audit Client components.

You can download iGateway 4.5.0.7 from the link in this Technical Document. Unzip the iGateway_win32_4.5.0.7_Build081112.zip file, copy iGateway_win32_4.5.0.7_Build081112.exe to the server(s) where you need to upgrade iGateway and double click the .exe file to run the upgrade install.

Once you have upgraded iGateway to 4.5.0.7 (or if you are already running iGateway 4.5.0.7 or newer) please complete the following steps to configure iGateway to use your chosen SSL version.

  1. Stop CA iTechnology iGateway service.

  2. Edit the following tag in the iGateway.conf file (found in ....Program Files\CA\Shared Components\iTechnology directory):

    <secureProtocol></secureProtocol>

    <Please see attached file for image>

    Figure 1

  3. Add one of the following modes between the <secureProtocol></secureProtocol> tags:

    • SSLV2

    • SSLV3

    • SSLV23

    • TLSV1

      <Please see attached file for image>

      Figure 2

      Note: This example shows using the SSLv3 mode. The default when the <secureProtocol> tags are blank is SSLv2.

  4. Save the iGateway.conf file.

  5. Restart the CA iTechnology/iGateway service.

Environment

Release:
Component: ADTCTL

Attachments

1558713968956000054185_sktwi1f5rjvs16t8n.gif get_app
1558713966935000054185_sktwi1f5rjvs16t8m.gif get_app
1558535593379TEC484038.zip get_app