Cannot Receive Events from Secure Configuration Manager After Upgrading Sentinel to Version 7.3.1 and Later

  • 7017567
  • 02-May-2016
  • 02-May-2016

Environment


NetIQ Secure Configuration Manager 6.0
NetIQ Sentinel 7.3.1 and later

Situation

Sentinel uses the Diffie-Hellman protocol to communicate with Secure Configuration Manager. As part of fixing the Logjam vulnerability, the certificate key size for the Diffie-Hellman protocol in Sentinel has been increased to 2048. However, Secure Configuration Manager uses the default certificate key size; that is, 1024. Because of this mismatch, Secure Configuration Manager can no longer communicate with Sentinel. 

Resolution

Until a fix is available from Secure Configuration Manager, you can perform the following steps:

WARNING: Performing this workaround overrides the fix for the Logjam vulnerability specified in Security Vulnerability Fixes in the Sentinel 7.3.1 Release Notes.

1. Log in as the Novell user and open the /etc/opt/novell/sentinel/config/configuration.properties file.

2. Comment out the following line by prefixing it with #:

jdk.tls.ephemeralDHKeySize=2048

3. Restart Sentinel.
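
Step 2 above as a repeatable shell routine, with a status check and a revert for when the Secure Configuration Manager fix is installed. This is an added example, not NetIQ code; the function names, the .bak backup suffix and the demo file are assumptions, and it assumes plain key=value lines with # comments.

```shell
#!/bin/sh
# Added example (not NetIQ code): inspect, apply and revert the workaround.
PROP_RE='jdk\.tls\.ephemeralDHKeySize'   # property name from step 2, dots escaped

# Print "enforced:<size>", "commented" or "absent" for a properties file.
dh_status() {
    if grep -Eq "^[[:space:]]*${PROP_RE}[[:space:]]*=" "$1"; then
        # If the key appears more than once, report the last active assignment.
        val=$(sed -n "s/^[[:space:]]*${PROP_RE}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1)
        echo "enforced:${val}"
    elif grep -Eq "^[[:space:]]*#[[:space:]]*${PROP_RE}[[:space:]]*=" "$1"; then
        echo "commented"    # workaround in place, Logjam fix overridden
    else
        echo "absent"
    fi
}

# Step 2: comment out every active assignment. A backup is taken first, and
# the file is rewritten in place so its owner and mode stay unchanged.
dh_disable() {
    case "$(dh_status "$1")" in enforced:*) ;; *) return 0 ;; esac
    cp -p "$1" "$1.bak" || return 1
    sed "s/^[[:space:]]*\(${PROP_RE}[[:space:]]*=.*\)/#\1/" "$1.bak" > "$1"
}

# Revert: uncomment the line again to restore the Logjam fix.
dh_enable() {
    [ "$(dh_status "$1")" = "commented" ] || return 0
    cp -p "$1" "$1.bak" || return 1
    sed "s/^[[:space:]]*#[[:space:]]*\(${PROP_RE}[[:space:]]*=.*\)/\1/" "$1.bak" > "$1"
}

# Demo on a constructed file (the first key is made up for illustration).
demo=$(mktemp)
printf '%s\n' 'example.constructed.key=value' 'jdk.tls.ephemeralDHKeySize=2048' > "$demo"
dh_status "$demo"
dh_disable "$demo" && dh_status "$demo"
dh_enable "$demo" && dh_status "$demo"
rm -f "$demo" "$demo.bak"
```

On a Sentinel server, run the functions as the Novell user against /etc/opt/novell/sentinel/config/configuration.properties and restart Sentinel after any change.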

Cause

As part of fixing the Logjam vulnerability, the certificate key size for the Diffie-Hellman protocol in Sentinel has been increased to 2048. However, Secure Configuration Manager uses the default certificate key size; that is, 1024.