OEM weak cipher support

Similar Messages

• SSL Weak Cipher

  We have a new security product that has detected SSL Weak Cipher strengths. I have been going round and round trying to figure out what the issue might be.
  What I am down to is a config option with the OpenSSL. It appears it reads the SSL Cipher strengths from the vhost-ssl.conf file in the \etc\apache2\vhosts.d directory.
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNULL
  The above is the default string. I have changed it as follows to eliminate the weak SSLv2.
  SSLCipherSuite ALL:!ADH:!EXport56:RC4+RSA:+HIGH:+MEDIUM:+SSLv3:+E XP:+eNULL:-SSLv2
  The problem is the server still comes back support encryption less than 128 bit. What options do I need to change to fix this issue?

  IS this an OES1 or OES2 server? On what port is the weak cipher being used? When you installed your server, did you enable the option to use certificates from eDirectory?

• BizTalk Server 2013R2 SFTP Adapter - Cipher support (BLOWFISH)

  Hi,
  It appears that the SFTP adapter only supports a subset of commonly used ciphers. I'm trying without success to connect to a server that is using blowfish, without success. There currently seems to be 3 options in the port config - AES, TripleDES and Auto.
  I assume auto will negotiate between AES and 3DES - but I wonder if there is any further cipher support ?
  Regards, Jason

  Agree with you Jason and this
  MSDN Blog confirms that currently supported Encryption Ciphers are 3DES and AES. It doesn't support target systems with blowfish at least in this release.
  Rachit
  Please mark as answer or vote as helpful if my reply does

• Weak cipher suites supported on WCS port 8082

  Hi
  Port 8082 is used for health monitoring in WCS, a web service is running on this port so we can login via web and check the status.
  I would like to know, is there a way to limit the cipher suite supported on this port? For port 443, this can be done by modify the Apache configuration file, however this doesn't work for 8082. The version is 5.2.148.0.
  Thanks and Regars,
  Leo

  Hi ,
  "SSL RC4 Cipher Suites Supported" has been documented in bug CSCum03709. 
  CSCum03709    PI 2.0.0.0.294 with SSH vulnerabilities
  Presently, there is no workaround for this vulnerability, however, the fix will be implemented in
  Prime Infrastructure 2.2.which is planned to be released around the end of this year ( tentative)
  Thanks-
  Afroz
  ***Ratings Encourages Contributors ***

• Does OEM 2.1 support windows 2000 profesional

  Hi!
  I tried to install and configure oem 2.1 on windows 2000 profesional. so please let me know it's support oem for windows 2000 profesional.
  Thanks,
  Arvind

  Hi,
  yes this are the release notes of OVS 2.2.2. However I can remember that they looked the same for OVS 2.2.1.
  PS: If you look in the server user guide under "What's new", you won't find a new entry for Windows 7 with 2.2.2 - which implies it has been supported before.
  If you want to be 100% sure, upgrade to OVS 2.2.2.
  No - it only means you are not using xvd* devices but hd* / sd* devices. Which is also valid.
  However using xvd* devices (together with the PV drivers) is better for performance (I/O-Performance).
  Regards
  Sebastian

• Adding cipher support for Cryptsetup

  I have an encrypted partition that I created in another distro, and I can't unlock it in arch linux. The problem is that the proper ciphers are not installed.
  cryptsetup luksDump on the partition gives this information:
  Version:        1
  Cipher name:    serpent
  Cipher mode:    xts-essiv:sha256
  Hash spec:      sha1
  However, when I check my supported ciphers with cat /proc/crypto, I get
  name         : ecb(arc4)                                                                   
  driver       : ecb(arc4-generic)                                                           
  module       : ecb                                                                         
  priority     : 0                                                                           
  refcnt       : 3                                                                           
  selftest     : passed                                                                       
  type         : blkcipher                                                                   
  blocksize    : 1                                                                           
  min keysize  : 1                                                                           
  max keysize  : 256                                                                         
  ivsize       : 0
  geniv        : <default>
  name         : arc4
  driver       : arc4-generic
  module       : arc4
  priority     : 0
  refcnt       : 3
  selftest     : passed
  type         : cipher
  blocksize    : 1
  min keysize  : 1
  max keysize  : 256
  name         : stdrng
  driver       : krng
  module       : kernel
  priority     : 200
  refcnt       : 1
  selftest     : passed
  type         : rng
  seedsize     : 0
  In Ubuntu I've checked to make sure they are installed this way. I imagine its the same in Arch. What packages do I need to install to use serpent in XTS mode?

  did you load the module?
  try:
  modprobe aes-i586 #or maybe more like:
  modprobe aes-x86_64 #depending on your architecture
  http://wiki.archlinux.org/index.php/Sys … el_modules
  Last edited by atcq (2009-08-10 23:14:26)

• Is OEM 10g OMS supported on SLES10?

  I checked metalink and it shows that the 10g OEM OMS App Server is only supported on SLES9 32 bit. I here that Novell will be desupporting SLES 9 in July 2009.
  Is there a patch to run OEM OMS 10g on SLES10?
  Can I run OEM OMS 10g without a patch?
  Do I just have to wait for OEM 11g to come out before I can run the OMS App Server on SLES 10?

  OMS isn't supported on SLES10, but Agents are supported as per certification matrix
  Oracle Enterprise Manager 10g Grid Control Certification Checker
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=412431.1
  Is there a patch to run OEM OMS 10g on SLES10?AFAIK : No
  Do I just have to wait for OEM 11g to come out before I can run the OMS App Server on SLES 10?Could be

• Weak cipher blocking in ACE20

  I tried to create a L7 class-map for blocking the clients with ciphes strength less than 128 in ACE20 running with Software version A2(2.3).
  But there were no command inside the L7 class-map called cipher for matching the cipher strength 128. Command Tried to issue was
  host1/Admin(config-cmap-http-lb)#match cipher less-than 128
  So I want to know whether this is possible on ACE 20 and SW version A2(2.3).  Kindly suggest a way to acheive this.
  I have seen some other configuration using the parameter-match, But I dont know the Cipher Names which to allow.  I want to drop all the connections with less than 128 bits cipher strength.
  Can anyone help on this???
  Tharun

  By default all available ciphers will be allowed. Those are:
  –RSA_EXPORT1024_WITH_DES_CBC_SHA
  –RSA_EXPORT1024_WITH_RC4_56_MD5
  –RSA_EXPORT1024_WITH_RC4_56_SHA
  –RSA_EXPORT_WITH_DES40_CBC_SHA
  –RSA_EXPORT_WITH_RC4_40_MD5
  –RSA_WITH_3DES_EDE_CBC_SHA
  –RSA_WITH_AES_128_CBC_SHA
  –RSA_WITH_AES_256_CBC_SHA
  –RSA_WITH_DES_CBC_SHA
  –RSA_WITH_RC4_128_MD5
  –RSA_WITH_RC4_128_SHA
  To narrow that down, create a parameter-map that specifies only the strong ones. Then apply that PMAP using the ssl advanced-options keyword in your ssl-proxy service section. Something like this:
  parameter-map type ssl _SSL_PMAP
    cipher RSA_WITH_RC4_128_MD5
    cipher RSA_WITH_RC4_128_SHA
    cipher RSA_WITH_3DES_EDE_CBC_SHA
    cipher RSA_WITH_AES_128_CBC_SHA
  ssl-proxy service _SSL
    key
    cert
    chaingroup
    ssl advanced-options _SSL_PMAP

• Weak EJB support

  Hi,
  I tried Jdev2 with AppServer 4.0.7 to build EJB-based
  application. I'm disappointed with EJB support in AppServer.
  It is not standard and based on CORBA. Comunication between
  client and EJB server goes via ORB. In case of applet client
  it have to download two big ORB libraries (aprox. 0.8 MB each)
  in addition to it's own code. Maybe I'm wrong, but it seems
  to me that AppServer in current state not sutable EJB container
  for production system.
  Will be situation improved in next relese of AppServer or
  Oracle8i?
  When Oracle8i will be available for trial download?
  Vladimir
  null

  JDeveloper Team (guest) wrote:
  : Vladimir (guest) wrote:
  : : Hi,
  : : I tried Jdev2 with AppServer 4.0.7 to build EJB-based
  : : application. I'm disappointed with EJB support in AppServer.
  : : It is not standard and based on CORBA. Comunication between
  : : client and EJB server goes via ORB. In case of applet client
  : : it have to download two big ORB libraries (aprox. 0.8 MB
  each)
  : : in addition to it's own code. Maybe I'm wrong, but it seems
  : : to me that AppServer in current state not sutable EJB
  container
  : : for production system.
  : : Will be situation improved in next relese of AppServer or
  : : Oracle8i?
  : : When Oracle8i will be available for trial download?
  : : Vladimir
  : You are right that the EJB support in the AppServer is not
  : complete. With version 4.0.8 that will be improved. Oracle8i
  has
  : EJB support according to the EJB spec. Not sure about
  availablity
  : for download. Possibly the 8i production release.
  Could you give some details? Will Entity beans or EJBHome
  interface be supported? For example, JDeveloper offers an option
  to create Entity bean in EJB descriptor wizard. But there is no
  place to deploy that Entity bean. Oracle8i doesn't support Entity
  bean either.
  Andrei
  null

• How to specify a cipher suit used between plugin and weblogic server?

  I install Weblogic8.1 SP3 which supports for strong cipher suits, and config an apache 2.50 server as an front end.
  I config appache to use 2 way SSL with browser and wls one way SSL with apache plugin. Then config apache to forward client certs to WLS. now the problem is, I can see that the SSL connection between browser and apache uses a strong cipher suit('SSL_RSA_WITH_RC4_128_MD5'), but the ssl connection bwtween apache plugin and WLS uses a weak cipher suit('SSL_RSA_EXPORT_WITH_RC4_40_MD5'), with the SnoopServlet, although I use the mod_wl128_20.so module. How can I increase the cipher strength of SSL between WLS and it's apache plugin?
  Thanks in advance.
  Best
  Regards
  Jean

  Hello Gunaseelan,
  This is not possible because WLS 6.1 needs a config.xml file, exactly this
  name, to start.
  What you can do is to define a recovery domain, called myrecovery_domain for
  instance, and put the config_recovery.xml, renamed "config.xml".
  Hope this helps,
  Ludovic.
  Developer Relations Engineer
  BEA Support.
  "Gunaseelan Venkateswaran" <[email protected]> a écrit dans le message
  news: 3cd6a324$[email protected]..
  >
  Hi,
  I have 2 weblogic startup scripts (startWebLogic.sh and
  startWebLogic_recovery.sh) for the same domain.
  startWebLogic.sh uses config.xml file.
  I would like to use config_recovery.xml as the configuration file forstartWebLogic_recovery.sh
  >
  >
  How would I do this ?
  I am using WebLogic Server 6.1 on SunOS 5.8 / HP-UX 11.0.
  Appreciate any help.
  Regards
  Gunaseelan Venkateswaran

• Failing PCI Compliance Scan - SSL Weak...

  Hello,
  I currently use the WRVS4400n v2 (latest update) for my small business. I store and transmit data that contains credit card information and need to be PCI compliant. Regardless of which settings I change on the router, like turning off remote management, I keep failing the scan. ControlScan uses Nessus and the results are below (2 vulnerabilities).
  I did some research and spent some time with Cisco Sales Chat and they recommended a ASA5500 only to realize that it too had the same vulnerabilities. I did more research and it seemed that the SA520w (I need wireless) would do it but I found a thread on this forum saying that a client who had the SA520w did not pass the scan failed due to SSL vulerability (need v3+ ?). The thread is at https://supportforums.cisco.com/thread./2060512
  Question: What router/appliance should I use to be PCI compliant? Three has to be something, we're talking, this is Cisco.
  Thank you in advance for your help,
  Christophe
  Threat ID: 126928
  Details:
  IP Address: XX.XXX.X.XXX
  Host: XX.XXX.X.XXX
  Path:
  THREAT REFERENCE
  Summary:
  SSL Weak Cipher Suites Supported
  Risk: High (3)
  Type: Nessus
  Port: 60443
  Protocol: TCP
  Threat ID: 126928
  Information From Target:
  Here is the list of weak SSL ciphers supported by the remote server :
  Low Strength Ciphers (< 56-bit key)
  SSLv2
  EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export    
  EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export    
  The fields above are :
  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}
  Solution:
  Reconfigure the affected application if possible to avoid use of weak
  ciphers.Details:
  The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
  Threat ID: 142873
  Details:
  IP Address: XX.XXX.X.XXX
  Host: XX.XXX.X.XXX
  Path:
  THREAT REFERENCE
  Summary:
  SSL Medium Strength Cipher Suites Supported
  Risk: High (3)
  Type: Nessus
  Port: 60443
  Protocol: TCP
  Threat ID: 142873
  Information From Target:
  Here are the medium strength SSL ciphers supported by the remote server :
  Medium Strength Ciphers (>= 56-bit and < 112-bit key)
  SSLv2
  DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=MD5   
  SSLv3
  DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
  TLSv1
  DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
  The fields above are :
  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}
  Solution:
  Reconfigure the affected application if possible to avoid use of
  medium strength ciphers.Details:
  The remote host  supports the use of SSL ciphers that offer medium strength encryption,  which we currently regard as those with key  lengths at least 56 bits  and less than 112 bits.

  Chris,
  As i understand right now none of the Small Business router are PCI compliance ever since PCI 3.0 was released. How you overcome this; you'll need to forward any ports you are failing on to a ghost IP.. Ghost ip (any ip address that isn 't being used) If you are using those ports , then you will lose that service as the router isn't PCI 3.0 compliant.
  Jason
  I do believe the ASA5505 are PCI 3.0 Compliant.

• Can I install Linux and then use the original Windows 8 OEM product key for a virtual machine on the same computer?

  I have ordered a new laptop and expect to receive it in 2-3 weeks.  The laptop comes with an OEM version of Windows 8 installed.  I wish
  to install Linux as the host operating system and create a virtual machine running Windows 8.  Can I legally use the product key from the OEM installation to activate a virtual machine that will only be used on the laptop that had the original OEM installation? 
  If so, what is the procedure to activate the copy installed on the virtual machine?
  This question has been addressed for Windows 7, but my searches did not reveal this question posed for Windows 8.

  Technically, no.  The OEM is licensed only for the physical hardware on the system.  It isn't licensed for virtual hardware.
  You may find you're unable to activate your OEM license in the VM.  A lot of OEM Windows look for specific hardware to verify they're being installed on the correct hardware.
  Although here: http://www.microsoft.com/oem/en/Pages/support-faq.aspx#fbid=Zh0SiBdas5I
  Q. Can I install OEM on a virtual machine (VMware)?
  A. You may install OEM in a virtual environment as long as you have a separate license for each instance of the software. It is fine to use the OEM version as long as it is properly licensed. To be clear, a separate version of software must be installed
  for both the “standard” and “virtual” installations.
  You still may not be able to activate if there is a hardware block.
  The best place to ask this is to Microsoft licensing, any response you get here, including mine, won't hold up since it's not an official answer.
  Q. Can I install OEM on a virtual machine (VMware)?
  A. You may install OEM in a virtual environment as long as you have a separate license for each instance of the software. It is fine to use the OEM version
  as long as it is properly licensed. To be clear, a separate version of software must be installed for both the “standard” and “virtual” installations.
  edit: removed the duplicate Q&A

• Supported Video Cards

  Hi Gang!
  Does anyone know where i might be able to find a list of supported video cards for the Apple Cinema 23" HD display.
  Our company finally upgraded our standard from the 20" ACD, and today we received our first 23" HD display. Woo Hoo!
  I connected it to a Mac Pro 2 x 2.66 GHz Dual-Core Intel Xeon with an nVidia GeForce 7300 GT 256 vram card (what the Mac was shipped with), and for some reason it's not responding as smoothly as the 20" did.
  Figured i'd start with the card first.
  Thoughts?

  Hi-
  Form mid way through the G4 PowerMac lne, all OEM graphics cards support the 20" and 23" Cinema Display's.
  Simply, a DVI port equipped card capable of supporting 1920 x 1200 digital resolution.
  All G5's, and of course, all MacPro machines have the ability to run the monitors.
  Your 7300 GT is more than enough card to run the display.
  No real "list", but.......
  See System Requirements on the linked page.

• Slow support site and Windows 8 drivers

  Gents,
  What's going on ? Your support.lenovo.com site is slow like a snail.
  It's impossible to download fresh drivers.
  Can anyone explain, where can I find ALL drivers for T530 (2392-3RG) ?
  I need drivers for:
     Ricoh SDcard reader
     Intel chipset (USB3.0 must be working!!!)
  Windows 8 is RTM already !!! 2 months RTM !!!
  Where ALL drivers ???
  We bought 30+ of these laptops last month.
  We don't know what should we doing.
  Lenovo service is awful.
  It seems we need to go with Dell ;(

  welcome to the community.
  regarding support site speed, please see:
  http://forums.lenovo.com/t5/Feedback-on-the-new-support-site/Lenovo-Web-Site-Slow-Lately/td-p/886521
  regarding drivers for your T530, please see:
  http://support.lenovo.com/en_US/research/hints-or-tips/detail.page?&DocID=HT073832
  note that it may be slower to load at certain times of day as described above.
  regarding Windows 8 drivers, i looked at another oem's driver support pages and Lenovo seems to have very similar numbers of drivers released. even though the OS has been RTM, full driver support provided by any vendor may not be available until the official retail release on Friday and the weeks following, especially for models not preloaded with Win8.
  hope the links help you a bit.
  regards.
  English Community   Deutsche Community   Comunidad en Español   Русскоязычное Сообщество
  Community Resources: Participation Rules • Images in posts • Search (Advanced) • Private Messaging
  PM requests for individual support are not answered. If a post solves your issue, please mark it so.
  X1C3 Helix X220 X301 X200T T61p T60p Y3P • T520 T420 T510 T400 R400 T61 Y2P Y13
  I am not a Lenovo employee.

• T61 bios not support Phoenix BootBlock recover mode?

  T61 bios not support  Phoenix BootBlock recover mode? how to use phoenix crisdisk  to recover from bad flash bios?
  ACER,HP OEM PHOENIX BIOS support.

  T61 bios not support  Phoenix BootBlock recover mode? how to use phoenix crisdisk  to recover from bad flash bios?
  ACER,HP OEM PHOENIX BIOS support.