Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Virtualization Manager (VMAN) > Cipher error after applying RC4 third-party SSL certificate

Cipher error after applying RC4 third-party SSL certificate

Created by Roger Lofamia, last modified by MindTouch on Jun 23, 2016

Views: 159 Votes: 0 Revisions: 3

Overview

This article provides information and recommendation for the Cipher error after applying a RC4 third-party SSL certificate.

Environment

VMAN 6.3.1

Cause 

This issue is related to a JAVA vulnerability with RC4 Cipher suite. RC4 Cipher Suite is considered a weak Cipher algorithim by industry standards and was removed in JAVA version 1.8.0_60 and above. See article below:


https://support.blancco.com/index.ph...-communication


If you generated a certificate using RC4 Cipher algorithm, this will cause the Cipher error when accessing VMAN via SSL (port 8443). See sample error below:


cmmq0015 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

 

VMAN 6.3.1 JAVA version does not support RC4 Cipher suite as per the JAVA.

Resolution

Generate a certificate that VMAN Cipher suite supports. See the following list of Cipher suites supported:

  • <value>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</value>
  • <value>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</value>
  • <value>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</value>
  • <value>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</value>
  • <value>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</value>
  • <value>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</value>

 

Note: A simple RSA_SHA (SHA256withRSA) is supported and commonly used.

Last modified
04:07, 23 Jun 2016

Tags

Classifications

Public