Reactivate disabled ciphers in the NetWitness Platform XDR 12.1.1
Issue
When a few Ciphers in the NetWitness Platform XDR 12.1.1 are disabled and removed, the communication between the NetWitness Platform XDR 12.1.1 and the external integrated devices such as Archer-secops, Active Directory with and without SSL, SSO (Single Sign On), PAM (Pluggable Authentication Module), and PKI (Public key infrastructure) is interrupted. If you encounter this issue after upgrading to 12.1.1, see the Resolution section below. The Resolution section also lists the Ciphers disabled in the NetWitness Platform XDR 12.1.1.
Resolution
To resume the communication between the external integrated devices (Archer-secops, Active Directory with and without SSL, SSO (Single Sign On), PAM (Pluggable Authentication Module), and PKI (Public key infrastructure)) and the NetWitness Platform XDR 12.1.1, follow these steps.
Note: This is a temporary workaround. As a permanent resolution, you must disable the use of the following Ciphers on the external integrated devices.
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
RSA-AES128-SHA256
RSA-AES128-SHA256(AES-GCM)
RSA-AES256-SHA384
AES128-SHA
AES256-SHA
RSA-AES128-SHA256(AES-CBC)
RSA-AES256-SHA256
- Reactivate the Ciphers in the java.security files: You must reactivate the Ciphers in the following java.security files.
- java.security-8 file
- java.security-11 file
- java.security-17 file
To reactivate the Ciphers in the java.security-8 file:
- SSH to the Admin Server. Go to the following path.
- Delete the following Ciphers from the jdk.tls.disabledAlgorithms property.
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
RSA-AES128-SHA256
To reactivate the Ciphers in the java.security-11 file:
- SSH to the Admin Server. Go to the following path.
- Delete the following Ciphers from the jdk.tls.disabledAlgorithms property.
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
RSA-AES128-SHA256
To reactivate the Ciphers in the java.security-17 file:
- SSH to the Admin Server. Go to the following path.
- Delete the following Ciphers from the jdk.tls.disabledAlgorithms property.
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
RSA-AES128-SHA256
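The java.security edits described above, as an added example that is not part of this article and not NetWitness's own tooling: a small Python script that removes only the named suites from the standard JDK property `jdk.tls.disabledAlgorithms`, leaves every other disabled algorithm (SSLv3, RC4, weak key sizes, and so on) in place, and reports what changed so the edit can be reviewed before the services are restarted. The sample file content is constructed; the location of the java.security files on the Admin Server is not given in the article, so the script takes the path as a command-line argument and keeps a `.bak` copy before writing.

```python
import re
import shutil
import sys
from typing import List, Optional, Tuple

# Standard JDK property key that holds the disabled TLS algorithms / cipher suites.
KEY = "jdk.tls.disabledAlgorithms"

# Constructed sample of a java.security fragment (not the appliance's real file).
# Long values in java.security continue across lines with a trailing backslash.
SAMPLE_JAVA_SECURITY = """\
# Some unrelated property
securerandom.source=file:/dev/random

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \\
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256

jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer
"""

# Subset of the suites the article says to delete, chosen to match the sample above.
SUITES_TO_REENABLE = [
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
]


def _logical_span(lines: List[str], key: str) -> Optional[Tuple[int, int]]:
    """Return (start, end) indices (end exclusive) of the logical line 'key=...'.
    A physical line ending in a backslash continues on the next one; comments never do."""
    pat = re.compile(r"^\s*" + re.escape(key) + r"\s*[=:]")
    i = 0
    while i < len(lines):
        j = i
        if not lines[i].lstrip().startswith(("#", "!")):
            while lines[j].rstrip().endswith("\\") and j + 1 < len(lines):
                j += 1
        if pat.match(lines[i]):
            return i, j + 1
        i = j + 1
    return None


def parse_disabled(text: str, key: str = KEY) -> List[str]:
    """Return the comma-separated entries of key's value with continuation lines joined."""
    lines = text.splitlines()
    span = _logical_span(lines, key)
    if span is None:
        return []
    start, end = span
    joined = " ".join(l.rstrip().rstrip("\\").strip() for l in lines[start:end])
    value = re.split(r"[=:]", joined, maxsplit=1)[1]
    return [e.strip() for e in value.split(",") if e.strip()]


def reenable(text: str, suites: List[str], key: str = KEY) -> Tuple[str, List[str]]:
    """Remove the given suites from key's value; every other entry stays disabled.
    Returns (new_text, removed); the value is rewritten four entries per line."""
    lines = text.splitlines()
    span = _logical_span(lines, key)
    if span is None:
        raise ValueError(f"{key} not found")
    start, end = span
    entries = parse_disabled(text, key)
    wanted = set(suites)
    kept = [e for e in entries if e not in wanted]
    removed = [e for e in entries if e in wanted]
    chunks = [", ".join(kept[i:i + 4]) for i in range(0, len(kept), 4)] or [""]
    rebuilt = []
    for n, chunk in enumerate(chunks):
        prefix = f"{key}=" if n == 0 else "    "
        suffix = ", \\" if n < len(chunks) - 1 else ""
        rebuilt.append(prefix + chunk + suffix)
    out = "\n".join(lines[:start] + rebuilt + lines[end:])
    if text.endswith("\n"):
        out += "\n"
    return out, removed


def still_disabled(text: str, suites: List[str], key: str = KEY) -> List[str]:
    """Check step: which of the requested suites are still listed as disabled?"""
    present = set(parse_disabled(text, key))
    return [s for s in suites if s in present]


def reenable_in_file(path: str, suites: List[str]) -> List[str]:
    """Edit a java.security file in place, keeping a .bak copy; returns removed suites."""
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    shutil.copyfile(path, path + ".bak")
    new_text, removed = reenable(original, suites)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(new_text)
    return removed


if __name__ == "__main__":
    # Usage: python reenable_suites.py <java.security path> SUITE [SUITE ...]
    # (the java.security path on the Admin Server is not given in the article)
    if len(sys.argv) < 3:
        sys.exit("usage: reenable_suites.py <java.security> <suite> [<suite> ...]")
    target, requested = sys.argv[1], sys.argv[2:]
    print("removed:", reenable_in_file(target, requested))
    with open(target, encoding="utf-8") as fh:
        print("still disabled:", still_disabled(fh.read(), requested))
```

Run it once per java.security file (8, 11 and 17) with the suites from the list above as arguments, then compare the printed `removed` list with the intended set and confirm `still disabled` is empty; anything else that disappeared from the property indicates a mistake in the edit. Because the script only touches the single `jdk.tls.disabledAlgorithms` logical line, unrelated properties such as `jdk.certpath.disabledAlgorithms` are left unchanged.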
- Reactivate the Ciphers in the Component Descriptor: You must enable the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Cipher in the rsa.security.pki.ciphers section in the Component Descriptors to resume the communication between the external integrated devices and the NetWitness Platform XDR 12.1.1.
- SSH to the Admin Server. Go to the following files.
/etc/systemd/system/rsa-nw-admin-server.service.d/rsa-nw-admin-server-opts-managed.conf
/etc/systemd/system/rsa-nw-config-server.service.d/rsa-nw-config-server-opts-managed.conf
/etc/systemd/system/rsa-nw-content-server.service.d/rsa-nw-content-server-opts-managed.conf
/etc/systemd/system/rsa-nw-integration-server.service.d/rsa-nw-integration-server-opts-managed.conf
/etc/systemd/system/rsa-nw-investigate-server.service.d/rsa-nw-investigate-server-opts-managed.conf
/etc/systemd/system/rsa-nw-license-server.service.d/rsa-nw-license-server-opts-managed.conf
/etc/systemd/system/rsa-nw-node-infra-server.service.d/rsa-nw-node-infra-server-opts-managed.conf
/etc/systemd/system/rsa-nw-orchestration-server.service.d/rsa-nw-orchestration-server-opts-managed.conf
/etc/systemd/system/rsa-nw-respond-server.service.d/rsa-nw-respond-server-opts-managed.conf
/etc/systemd/system/rsa-nw-security-server.service.d/rsa-nw-security-server-opts-managed.conf
/etc/systemd/system/rsa-nw-source-server.service.d/rsa-nw-source-server-opts-managed.conf
- Add the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Cipher to the rsa.security.pki.ciphers section in all the files listed above.
- Reboot the Admin server. Run the following command.
- Reboot all the Component Hosts in the environment. Run the following command.
Product Details
RSA Product Set: NetWitness Platform XDR
RSA Product/Service Type: Admin Server
RSA Version/Condition: 12.1.1