TLS ROBOT Vulnerability


Article ID: 76590


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

The networking team is upgrading the NetScaler Load Balancer from code 10.5 63.8.nc to 11.1 56.19.nc because of the amber vulnerability alert reported for TLS ROBOT. These LBs are front-ending various SiteMinder components such as the federation web server, reverse proxy, and SharePoint Agent server. I would like to check if CA is aware of any compatibility issues or any specific configuration that needs to be taken care of to ensure this upgrade does not break any of the SiteMinder services.

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus

Resolution

Mitigating this vulnerability requires disabling all RSA ciphers. Ensure that at least one common non-RSA cipher remains available between the load balancers and the SiteMinder components.
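
One way to run the check described above before the upgrade, as an added example that is not CA's or Citrix's own tooling. It assumes "RSA ciphers" means suites that use RSA key exchange (the handshake ROBOT targets), that both cipher lists are exported in OpenSSL or IANA naming, and that the sample lists and function names are constructed for illustration.

```python
import re

# OpenSSL-style name prefixes that select a key exchange other than plain RSA.
NON_RSA_KX_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "ECDH-", "DH-", "ADH-",
                       "AECDH-", "PSK-", "SRP-")

def uses_rsa_key_exchange(suite):
    """True if the client encrypts the premaster secret with the server's RSA key."""
    name = suite.strip().upper()
    if name.startswith("TLS_"):                      # IANA-style name
        if "_WITH_" not in name:                     # TLS 1.3 suite, no RSA key exchange
            return False
        kx = name[len("TLS_"):name.index("_WITH_")]
        return kx == "RSA" or kx.startswith("RSA_")  # RSA, RSA_PSK, RSA_EXPORT
    name = re.sub(r"^EXP\d*-", "", name)             # drop OpenSSL export prefix
    if name.startswith("RSA-PSK-"):
        return True
    return not name.startswith(NON_RSA_KX_PREFIXES)  # no kx prefix means RSA

def audit(lb_suites, backend_suites):
    """Report what to disable on the LB and what both sides still share afterwards."""
    backend_ok = {s.strip().upper() for s in backend_suites
                  if not uses_rsa_key_exchange(s)}
    to_disable = [s for s in lb_suites if uses_rsa_key_exchange(s)]
    common = [s for s in lb_suites
              if not uses_rsa_key_exchange(s) and s.strip().upper() in backend_ok]
    return {"disable_on_lb": to_disable, "common_after": common,
            "handshake_possible": bool(common)}

# Constructed sample cipher lists (not taken from any real deployment).
LB_SUITES = ["AES256-GCM-SHA384", "AES128-SHA", "DES-CBC3-SHA",
             "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"]
LEGACY_BACKEND = ["AES256-SHA", "AES128-SHA", "DES-CBC3-SHA"]
UPDATED_BACKEND = ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA"]

if __name__ == "__main__":
    for label, backend in (("legacy", LEGACY_BACKEND), ("updated", UPDATED_BACKEND)):
        print(label, audit(LB_SUITES, backend))
```

A result with `handshake_possible` set to `False` identifies a component that would lose connectivity once the RSA suites are disabled, so its cipher configuration has to be extended first.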