SSLProxyCipherSuite directive not written to Host based advanced options with domain based services

  • 7020725
  • 07-Jun-2017
  • 09-Jun-2017

Environment

NetIQ Access Manager 4.3
NetIQ Access Manager 4.2

Situation

A NAM administrator trying to add the following lines to the Access Gateway (AG) Advanced Options of a specific reverse Proxy (RP). They way the AC is parsing the third line is causing a configuration error when we restart apache.

SSLProtocol All -SSLv2
SSLHonorCipherOrder On
SSLProxyCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:MEDIUM:!LOW:!EXP:!SSLv2:!aNULL:!EDH:!AESGCM:!eNULL:!NULL

All lines are applied to the vhost file of this RP but the very last one - which is completely missing

// hosts.d/test-application.conf snippet of end of file

   # Advanced Options
 CacheIgnoreHeaders Authorization
 SetEnvIf User-Agent ".*Mozilla.*"\
 downgrade-1.0 force-response-1.0 no-gzip
 SSLProtocol All -SSLv2
 SSLHonorCipherOrder On
</VirtualHost>

This only seems to happen with domain based proxy - if I add the same settings to the path based proxy advanced option, it is written correctly.

// path based vhost file snippet

 # Advanced Options
 SSLProtocol All -SSLv2
 SSLHonorCipherOrder On
 SSLProxyCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:MEDIUM:!LOW:!EXP:!SSLv2:!aNULL:!EDH:!AESGCM:!eNULL:!NULL

Resolution

Apply NAM 4.3 SP2 patch.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.