4 Replies Latest reply on Dec 7, 2016 10:24 AM by marco.veloz

    CSA Cipher Suites - 3DES

    BD_RB Apprentice

      Should 3DES be removed or blocked as it is vulnerable to SWEET32?

      and

      Does the CSA support anything other than RSA?

      also

      Any plans to add OpenSSL 1.0.1u to CSA?

        • 1. Re: CSA Cipher Suites - 3DES
          michael.odriscoll SupportEmployee

          Hi Brian,

          Thanks for posting your question here to the Community.

          Did you manage to find answers to these questions? If so, please share with the community; it might help someone out.

          If you still have questions, you could open a ticket with our support team: https://support.landesk.com/CaseLogging.aspx

          Michael

          • 2. Re: CSA Cipher Suites - 3DES
            BD_RB Apprentice

            Did not find the answer yet. Disabling the RSA ciphers seemed to cause a few issues for the CSA itself, and it would boot up to a blank white screen when I did this. Seemingly maybe because it was running on an older version of OpenSSL? Ended up just moving the RSA ciphers to the end of the list, but that still seems like it could still pose a vulnerability to SWEET32. Customers who need to be PCI compliant may have the CSA audited and turn up 3DES and RSA ciphers....

            I think even though there are no user login sessions and cookies traversing this connection to the CSA, there is still the question for me whether LANDesk is planning to update the CSA to use OpenSSL 1.2, 1.1 or at least 1.0.1u? Is there a CSA roadmap or something like that in the community?

            • 3. Re: CSA Cipher Suites - 3DES
              phoffmann SupportEmployee

              I'll try to get "Mr. CSA guy"-s eyes on this thread ...

              • 4. Re: CSA Cipher Suites - 3DES
                marco.veloz SupportEmployee

                Hi Brian,

                What version of the CSA are you on? On the most recent update (version 4.3.181), the CSA is set to the proper ciphers and is blocking things like RC4 and DES. Also, it will support OpenSSL 1.2 with a minimum of 1.1. Please let me know if you have any further questions.

                Thank you,