Environment
NetIQ Secure Configuration Manager 6.0
NetIQ Sentinel 7.3.1 and later
Situation
Sentinel uses the Diffie-Hellman protocol to communicate with Secure Configuration Manager. As part of fixing the Logjam vulnerability, the certificate key size for the Diffie-Hellman protocol in Sentinel has been increased to 2048. However, Secure Configuration Manager uses the default certificate key size; that is, 1024. Because of this mismatch, Secure Configuration Manager can no longer communicate with Sentinel.
Resolution
Until a fix is available from Secure Configuration Manager, you can perform the following steps:
WARNING: Performing this workaround overrides the fix for the Logjam vulnerability specified in Security Vulnerability Fixes in the Sentinel 7.3.1 Release Notes.
1. Log in as the Novell user and open the /etc/opt/novell/sentinel/config/configuration.properties file.
2. Comment out the following line by prefixing it with #:
jdk.tls.ephemeralDHKeySize=2048
3. Restart Sentinel.
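Because the workaround disables the Logjam fix, it helps to be able to check and reverse the state of the setting once Secure Configuration Manager is fixed. The script below is an added example, not NetIQ tooling: the function names are hypothetical and the demo runs against a constructed temporary file rather than the real configuration.properties.

```shell
#!/bin/sh
# Added example: function names and the demo file are assumptions, not NetIQ tooling.

# Report how jdk.tls.ephemeralDHKeySize is set in a properties file:
#   active:<bits>  an uncommented line sets it (the last such line is reported)
#   commented      only '#'-prefixed lines remain, i.e. the workaround is applied
#   absent         the property does not appear
dh_state() {
    val=$(sed -n 's/^[[:space:]]*jdk\.tls\.ephemeralDHKeySize[[:space:]]*[=:][[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1)
    if [ -n "$val" ]; then
        echo "active:$val"
    elif grep -Eq '^[[:space:]]*#[[:space:]]*jdk\.tls\.ephemeralDHKeySize' "$1"; then
        echo "commented"
    else
        echo "absent"
    fi
}

# Step 2 of the workaround: prefix the active line with '#', keeping a backup.
comment_out_dh() {
    cp -p "$1" "$1.bak" || return 1
    sed 's/^\([[:space:]]*jdk\.tls\.ephemeralDHKeySize[[:space:]]*[=:]\)/#\1/' "$1.bak" > "$1"
}

# Revert: remove the '#' again so the 2048-bit setting is back in force.
restore_dh() {
    cp -p "$1" "$1.bak" || return 1
    sed 's/^[[:space:]]*#[[:space:]]*\(jdk\.tls\.ephemeralDHKeySize[[:space:]]*[=:]\)/\1/' "$1.bak" > "$1"
}

# Demo on a constructed file (not a real Sentinel configuration).
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'some.other.key=value' \
    'jdk.tls.ephemeralDHKeySize=2048' > "$demo"
dh_state "$demo"          # before the workaround
comment_out_dh "$demo"
dh_state "$demo"          # after step 2
restore_dh "$demo"
dh_state "$demo"          # after reverting
rm -f "$demo" "$demo.bak"
```

Sentinel still has to be restarted (step 3) after either change for the setting to take effect.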
Cause
As part of fixing the Logjam vulnerability, the certificate key size for the Diffie-Hellman protocol in Sentinel has been increased to 2048. However, Secure Configuration Manager uses the default certificate key size; that is, 1024.