search cancel

TLS ROBOT Vulnerability


Article ID: 76590


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


Networking team is upgrading the Netscalar Load Balancer from code 10.5 to 11.1, because of the amber vulnerability alert reported for TLS ROBOT. These LBs are front ending various Siteminder components such as federation web server, reverse proxy, and SharePoint Agent server. I would like to check if CA is aware of any compatibility issues or any specific configuration that need to be taken care of to ensure this upgrade does not break any of the Siteminder services. 


Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus


This vulnerability calls for disabling of all RSA ciphers. Need to assure at least one common non-RSA cipher between load balancers and Siteminder components.