
RSA NetWitness Authentication and SSL Encryption Details

Issue

RSA NetWitness NextGen Authentication and SSL Encryption Details


Resolution

We use a FIPS validated build of OpenSSL to secure appliance-to-appliance communications. The cipher suite is not pinned in
configuration; it is negotiated between the client and the server.

The list below is what that OpenSSL build reports. The client program (Investigator, Administrator, or NwConsole) sends this list
of supported suites to the server in the order shown. Because the server components are built against the same OpenSSL, the server
accepts the first suite on the client's list that it also supports, which is DHE-RSA-AES256-SHA (ephemeral Diffie-Hellman key
exchange, RSA authentication, AES-256-CBC, HMAC-SHA1). The weaker entries further down (RC4, single DES, MD5 MACs, and the 40-bit
export suites) come from OpenSSL's default ordering and are only chosen if the peer offers nothing above them.


Output of the command /usr/local/ssl/fips/bin/openssl ciphers -v -tls1 (the second column, SSLv3, is the protocol version in which
each suite was first defined; all of them are also usable under TLS 1.0, which is what -tls1 selects):

DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
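As an added illustration (not code from the article or from RSA), the following Python parses `openssl ciphers -v` output in the format shown above, applies OpenSSL's default negotiation rule (the first suite on the client's list that the server also supports), and flags the suites a reviewer would reject on a security appliance today. The five-line sample list is constructed from entries above; the rules in `weaknesses` are the editor's own and say nothing about what the product actually enforced.

```python
"""Parse `openssl ciphers -v` output, apply OpenSSL's default negotiation rule,
and flag cipher suites that should not be accepted on a security appliance.

Added example; not part of the article or the product. The sample list below is
constructed from entries shown above; the weakness rules are the editor's own.
"""
import re

# Constructed sample in the `openssl ciphers -v` format, client preference order.
SAMPLE_CIPHERS_V = """\
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
"""

# One line: NAME PROTO Kx=.. Au=.. Enc=.. Mac=.. [export]
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)(?P<export>\s+export)?\s*$"
)


def parse_ciphers_v(text):
    """Return a list of dicts, one per suite, preserving the printed order."""
    suites = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("unrecognised cipher line: %r" % line)
        suite = m.groupdict()
        suite["export"] = suite["export"] is not None
        suites.append(suite)
    return suites


def negotiate(client_pref, server_supported):
    """Default OpenSSL server behaviour (no SSL_OP_CIPHER_SERVER_PREFERENCE):
    walk the client's list in order and take the first suite the server also
    supports. With identical builds on both ends that is the first entry."""
    offered = {s["name"] for s in server_supported}
    for s in client_pref:
        if s["name"] in offered:
            return s["name"]
    return None  # no common suite: the handshake fails


def weaknesses(suite):
    """Reasons a reviewer would reject this suite today. An empty list means
    none of these rules fired, not that the suite is state of the art."""
    reasons = []
    enc, kx, mac = suite["enc"], suite["kx"], suite["mac"]
    if suite["export"]:
        reasons.append("export-grade: 40-bit cipher / 512-bit key exchange")
    if enc.startswith("RC4"):
        reasons.append("RC4 stream cipher (prohibited by RFC 7465)")
    if enc.startswith("DES(") or enc.startswith("RC2("):
        reasons.append("single DES or RC2: 56-bit or smaller key")
    if enc.startswith("3DES"):
        reasons.append("3DES: 64-bit block size (Sweet32)")
    if mac == "MD5":
        reasons.append("MD5-based MAC")
    if not (kx.startswith("DH") or kx.startswith("ECDH")):
        reasons.append("static RSA key exchange: no forward secrecy")
    return reasons


SUITES = parse_ciphers_v(SAMPLE_CIPHERS_V)


def report(suites=SUITES):
    """Map each suite name to its list of weaknesses, for a quick review."""
    return {s["name"]: weaknesses(s) for s in suites}


if __name__ == "__main__":
    print("negotiated (same build both ends):", negotiate(SUITES, SUITES))
    print("negotiated (peer offers only the last two):", negotiate(SUITES, SUITES[3:]))
    for name, why in report().items():
        print("%-22s %s" % (name, "; ".join(why) or "no rule fired"))
```

The second `negotiate` call shows the practical risk of leaving the full default list in place: if a peer (or an attacker in the path who strips the stronger offers) only accepts the tail of the list, the same client happily settles for RC4-MD5.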



Password authentication is hashed and encrypted as noted below:
It is a salted challenge-response hash: the random value from the server acts as the per-session salt, so the value that crosses the wire differs on every login.
a. In the hello message, the server returns a random value.
b. The client prompts for the user's password and SHA-256 hashes it. That hash is then hashed together with the random value,
and the resulting hash is sent to the server.
c. The server hashes the user's stored hash with the same random value it sent to the client and compares the result with what
the client sent. If the two hashes match, the password is correct.

All password communications are also encrypted in transit via SSL as specified above.

For every user using NetWitness authentication, on every service, a SHA-256 hash of the password is stored. That stored hash is
exactly the value needed to compute a valid response to the server's random value, so the hash store must be protected as
carefully as the passwords themselves.
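The exchange in steps a to c, modelled with both sides in one process as an added example (not the product's code): the server stores one SHA-256 hash per user, issues a random value in its hello, and checks the client's response against its own computation. The article does not say how the password hash and the random value are combined, so the `combine` function (SHA-256 over hash || random value) is an assumption; the 32-byte random value and the sample user are constructed for the example. The last two functions show two properties that follow from the scheme as described: the stored hash alone is enough to authenticate, and an unsalted SHA-256 can be guessed offline at one hash per candidate.

```python
"""The NetWitness password exchange described above (steps a to c), modelled
with both sides in one process, plus two properties that follow from it.

Added example; not the product's code. The article does not say how the
password hash and the random value are combined, so `combine` below
(SHA-256 over hash || random value) is an assumption.
"""
import hashlib
import hmac
import os


def combine(pw_hash, challenge):
    # Assumed combination; the article only says "hashed with the random value".
    return hashlib.sha256(pw_hash + challenge).digest()


class Service:
    """Server side: one stored SHA-256(password) per user, as the article states."""

    def __init__(self):
        self.users = {}
        self.pending = None  # random value issued in the last hello, single use

    def add_user(self, name, password):
        self.users[name] = hashlib.sha256(password.encode("utf-8")).digest()

    def hello(self):
        # a. the hello message carries a fresh random value
        self.pending = os.urandom(32)
        return self.pending

    def verify(self, name, proof):
        # c. hash the stored hash with the same random value and compare.
        # The random value is consumed here so a captured proof cannot be replayed.
        challenge, self.pending = self.pending, None
        stored = self.users.get(name)
        if challenge is None or stored is None:
            return False
        return hmac.compare_digest(combine(stored, challenge), proof)


def client_proof(password, challenge):
    # b. SHA-256 the password, then hash that with the random value
    pw_hash = hashlib.sha256(password.encode("utf-8")).digest()
    return combine(pw_hash, challenge)


def authenticate(service, name, password):
    """Full exchange: hello -> client proof -> server verdict."""
    challenge = service.hello()
    return service.verify(name, client_proof(password, challenge))


def replay_is_rejected(service, name, password):
    """A proof captured from one session is useless in the next one because the
    server issues a new random value each time."""
    proof = client_proof(password, service.hello())
    first = service.verify(name, proof)
    service.hello()  # next session, new random value
    second = service.verify(name, proof)
    return first and not second


def authenticate_with_stolen_hash(service, name, stolen_hash):
    """The stored hash alone answers the challenge: it is password-equivalent,
    which is why the hash store needs the same protection as the passwords."""
    challenge = service.hello()
    return service.verify(name, combine(stolen_hash, challenge))


def guess_unsalted(stored_hash, candidates):
    """Offline guessing against a dumped hash costs one SHA-256 per candidate:
    the stored value is a plain, unsalted SHA-256 with no work factor."""
    for pw in candidates:
        if hashlib.sha256(pw.encode("utf-8")).digest() == stored_hash:
            return pw
    return None


def demo_service():
    """Constructed sample: one user on one service."""
    svc = Service()
    svc.add_user("analyst", "Tr0ub4dor&3")
    return svc


if __name__ == "__main__":
    svc = demo_service()
    print("correct password:", authenticate(svc, "analyst", "Tr0ub4dor&3"))
    print("wrong password:  ", authenticate(svc, "analyst", "Tr0ub4dor&4"))
    print("replay rejected: ", replay_is_rejected(svc, "analyst", "Tr0ub4dor&3"))
    print("stolen hash:     ", authenticate_with_stolen_hash(svc, "analyst", svc.users["analyst"]))
    print("dictionary hit:  ", guess_unsalted(svc.users["analyst"], ["password", "Tr0ub4dor&3"]))
```

The random value protects the wire (no proof is reusable, on top of the SSL layer), but it does nothing for the hash store: whoever reads the SHA-256 values can either log in with them directly or run an unsalted dictionary attack against them.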

Internal Comments

UserName:wirthr1
6/19/2012 7:03:41 PM - Solution Number 00000308
Solution Number 00000308

UserName:shurtj
8/25/2014 10:29:42 PM - Updated Article
Updated article and made changes to abide by Primus best practices.

UserName:salmeida
4/18/2024 5:29:42 PM - to be archived
Old product command/path and ciphers no longer valid - to be archived

Product Details

RSA NetWitness NextGen
RSA NetWitness NextGen 9.5 and above
RSA NetWitness Decoder
RSA NetWitness Log Decoder
RSA NetWitness Concentrator
RSA NetWitness Hybrid
RSA NetWitness Broker
