Submit a ticketCall us

Quickly Address Software Vulnerabilities
Patch Manager is an intuitive patch management software which extends the capabilities of WSUS and SCCM to not only patch Windows® servers and workstations, and Microsoft® applications, but also other 3rd-party applications which are commonly exploited by hackers. Learn more about our patch management solution.

 

Home > Success Center > Virtualization Manager (VMAN) > Cipher error after applying RC4 third-party SSL certificate

Cipher error after applying RC4 third-party SSL certificate

Created by Roger Lofamia, last modified by MindTouch on Jun 23, 2016

Views: 94 Votes: 0 Revisions: 3

Overview

This article provides information and recommendation for the Cipher error after applying a RC4 third-party SSL certificate.

Environment

VMAN 6.3.1

Cause 

This issue is related to a JAVA vulnerability with RC4 Cipher suite. RC4 Cipher Suite is considered a weak Cipher algorithim by industry standards and was removed in JAVA version 1.8.0_60 and above. See article below:


https://support.blancco.com/index.ph...-communication


If you generated a certificate using RC4 Cipher algorithm, this will cause the Cipher error when accessing VMAN via SSL (port 8443). See sample error below:


cmmq0015 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

 

VMAN 6.3.1 JAVA version does not support RC4 Cipher suite as per the JAVA.

Resolution

Generate a certificate that VMAN Cipher suite supports. See the following list of Cipher suites supported:

  • <value>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</value>
  • <value>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</value>
  • <value>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</value>
  • <value>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</value>
  • <value>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</value>
  • <value>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</value>

 

Note: A simple RSA_SHA (SHA256withRSA) is supported and commonly used.

Last modified
04:07, 23 Jun 2016

Tags

Classifications

Public