Submit a ticketCall us

WebinarUpcoming Webinar: Know What’s Changed – with NEW Server Configuration Monitor

Change management in IT is critical. But, even with a good change management process, changes are too often not correctly tracked, if at all. The configuration of your servers and applications is a key factor in their performance, availability, and security. Many incidents can be tracked back to an authorized (and sometimes unauthorized) configuration change, whether to a system file, configuration file, or Windows® Registry entry. Join SolarWinds VP of product management Brandon Shopp to discover how the new SolarWinds® Server Configuration Monitor is designed to help you.

Register now.

Home > Success Center > Virtualization Manager (VMAN) > VMAN - Knowledgebase Articles > Cipher error after applying RC4 third-party SSL certificate

Cipher error after applying RC4 third-party SSL certificate

Overview

This article provides information and recommendation for the Cipher error after applying a RC4 third-party SSL certificate.

Environment

VMAN 6.3.1

Cause 

This issue is related to a JAVA vulnerability with RC4 Cipher suite. RC4 Cipher Suite is considered a weak Cipher algorithim by industry standards and was removed in JAVA version 1.8.0_60 and above. See article below:


https://support.blancco.com/index.ph...-communication


If you generated a certificate using RC4 Cipher algorithm, this will cause the Cipher error when accessing VMAN via SSL (port 8443). See sample error below:


cmmq0015 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

 

VMAN 6.3.1 JAVA version does not support RC4 Cipher suite as per the JAVA.

Resolution

Generate a certificate that VMAN Cipher suite supports. See the following list of Cipher suites supported:

  • <value>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</value>
  • <value>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</value>
  • <value>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</value>
  • <value>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</value>
  • <value>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</value>
  • <value>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</value>
  • <value>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</value>

 

Note: A simple RSA_SHA (SHA256withRSA) is supported and commonly used.

Last modified

Tags

Classifications

Public