Open Enterprise Server 2018 (OES 2018) Linux
Open Enterprise Server 2018 (OES 2018) SP1 Linux
Open Enterprise Server 2018 (OES 2018) SP2 Linux
A scan showed that SFCB was using SSLv3 and this needs to be disabled.
The scan specifically showed SSLv3 needs to be disabled on port 5989. Researching this port shows that on an OES server that port is assigned to SFCB.
On OES2018 and newer, TLSv1.2 is supported so it's possible to disable SSLv3, this is not possible on earlier systems such as OES2015Sp1 or the OES11 servers.
On OES2018 and newer, these lines in /etc/sfcb/sfcb.conf make the required change:
and set them to true
Change the lines and restart sfcb or restart the server.
OES 2018 SP2 after update 4 has an additional config file located in /etc/sfcb. Engineering added a sfcb.cfg.rpmnew to replace sfcb.cfg after making the needed changes to update the configuration
Make a backup of the current sfcb.cfg file
Then edit sfcb.cfg.rpmnew
find the ciphers line and change it to:
In the following paragraph locate the following three lines, unremark them:
and set them to true:
Save the file, then rename the new config file to replace the old config file:
mv sfcb.cfg.rpmnew sfcb.cfg
Run the command to restart sfcb:
systemctl restart sfcbd