.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Removing Static Key Ciphers and Enabling DHE and ECDHE from RabbitMQ in NetWitness
Issue
Static Key Ciphers have been blacklisted because Static Key Ciphers don't support "Forward secrecy" in the new specification for HTTP/2.
Tasks
Refer to the attached pdf "Kb Article on Ciphers.pdf" for detailed information about removing Static Key Ciphers and adding the DHE and ECDHE Ciphers for RabbitMQ.
Resolution
Refer to the attached pdf "Kb Article on Ciphers.pdf". The table below has the page number for the procedures documented in this pdf:- Page Number: 1
- Instructions for: Adding DHE or ECDHE ciphers
- Page Number: 3
- Instructions for: Update Ciphers for Windows Legacy Log Collector
Internal Comments
KB article does not explicitly specify which versions of RSA Netwitness Logs and Network are directly effected by the blacklisting of the Static Key Ciphers. It only references the DHE Ciphers that are supported by RabbitMQ in RSA Netwitness Logs and Network version 10.6.x.
Product Details
RSA Product Set: NetWitness, Security AnalyticsRSA Product/Service Type: RabbitMQ
RSA Version/Condition: 10.6.x, 11.x
Platform: CentOS 6, CentOS 7
Summary
How to update the RabbitMQ configuration file to disable Static Key Ciphers and enable DHE and/or ECDHE Ciphers.
Approval Reviewer Queue
Technical approval queue