Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-11116

Clarify the format for cipher suite names in Ops Manager

    XMLWordPrintable

    Details

    • Last comment by Customer:
      true
    • Story Points:
      0.2
    • Sprint:
      KANBAN BUCKET

      Description

      In Ops Manager v3.6 we provided users with ability to disable specific TLS/SSL cipher suites.

      We have a corresponding section added to the documentation here.

      The problem is that it is not really obvious that the format in which the ciphers have to be specified must be the one used in Java, which follows cipher suite names notation as defined in the RFC.

      To elaborate further, a user might want to use the OpenSSL toolkit for checking the available ciphers. However cipher suite names used in OpenSSL do not match the RFC:

      // This is the same cipher suite
      // Java / RFC
      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
      // OpenSSL
      ECDHE-RSA-DES-CBC3-SHA
      

      Unfortunately, if the cipher that needs to be disabled is specified in the OpenSSL format (e.g. ECDHE-RSA-DES-CBC3-SHA, not TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), Ops Manager will silently accept it, but the cipher suite will not get disabled.

      We should clarify that the cipher suite names must be specified in the Java / RFC format as otherwise some users may end up in a situation when they think they have disabled some ciphers, but that's not actually the case.

        Attachments

          Activity

            People

            Assignee:
            caleb.thompson Caleb Thompson
            Reporter:
            dmitry.ryabtsev Dmitry Ryabtsev
            Participants:
            Last commenter:
            Anthony Sansone Anthony Sansone
            Docs Reviewer:
            Jeffrey Allen Jeffrey Allen
            External Reviewer:
            James Broadhead
            Votes:
            1 Vote for this issue
            Watchers:
            10 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since reply:
              3 years, 14 weeks, 5 days ago
              Date of 1st Reply: