How to disable the low level encryption along with the use of SSL v2.0 for ITM components?
To disable the security vulnerability in OpenSSL version 2, follow the below technote:
To disable the low level encryption, add the below variable in monitoring server (TEMS), TEPS or agent server and enable a specific cypher
for example, to strengthen the RSA (256)and DES encryption add the below variable in the ITM components configuration file
Windows : GSK_V3_CIPHER_SPECS=350A
UNIX/Linux : GSK_V3_CIPHER_SPECS='350A'
The strings "35" and "0A" is described here in the GSKit documentation.
01 = NULL MD5
02 = NULL SHA
03 = RC4 MD5 EXPORT
04 = RC4 MD5 US
05 = RC4 SHA US
06 = RC2 MD5 EXPORT
09 = DES SHA EXPORT
0A = Triple DES SHA US
2F = TLS_RSA_WITH_AES_128_CBC_SHA
35 = TLS_RSA_WITH_AES_256_CBC_SHA
NULL = Default cipher specs are used (may change in future)
For AC3 = '04052F350A090306'
For AC2 = '090306' (AC2 is supported but no longer shipped)