Environment
Identity Manager Driver - Linux and UNIX - Fan Out
Platform Agents
Core Driver
Situation
Security Requirements for TLS 1.2 Communication between
Platform agents and Core Driver
Resolution
Recent versions of both the Core Driver and the Platform agents
are required to allow for TLS 1.2 communication.
By default the Core Driver and platform agent will communicate
over TLS 1.2 if both ends support it.
At the time of writing of this TID, the lowest combination
tested that communicated over TLS 1.2 was:
IDM Engine - 4.6.2
Core Driver - novell-DXMLfandrv-4.0.3.1-201704111424
Platform Agent - 3.6.1.29.
This combination successfully communicated over TLS 1.2, and
it is assumed that later versions of any of the above components would
continue to do so.
Confirmation can be accomplished by analyzing a LAN trace of
the communications.
For example, at either the Platform agent or Core Driver end, a
"tcpdump -i any port 3451 -s 0 -w nameoftrace.cap"
capture can be taken and analyzed to determine the actual communications.
Below is a capture of the traffic using Wireshark.
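As an added example (not part of the original TID or the product), the sketch below reads the negotiated version out of the ServerHello bytes taken from such a trace, and goes slightly beyond the TID by also recognizing TLS 1.3, which reports itself as 1.2 in the legacy field. It assumes the port 3451 stream carries a standard TLS handshake record and that the server's first record has been exported as raw bytes; `negotiated_version` and `sample_server_hello` are hypothetical names and the sample records are constructed.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def negotiated_version(payload: bytes) -> str:
    """Return the version the server selected, from a ServerHello TCP payload."""
    if len(payload) < 9:
        raise ValueError("too short for a TLS handshake record")
    # Record header: content type (1), record-layer version (2), length (2).
    # The record-layer version is NOT the negotiated version, so it is ignored.
    ctype, _record_version, rec_len = struct.unpack("!BHH", payload[:5])
    body = payload[5:5 + rec_len]
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("not a handshake record carrying a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 38:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[:2], "big")   # legacy_version field
    pos = 2 + 32                                  # skip version and random
    pos += 1 + hello[pos]                         # skip session id
    pos += 2 + 1                                  # cipher suite, compression
    if pos + 2 <= len(hello):                     # extensions are optional
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(hello)):
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            # TLS 1.3 keeps 0x0303 in legacy_version and puts the real
            # version in the supported_versions extension (type 43).
            if ext_type == 43 and ext_len == 2:
                version = int.from_bytes(hello[pos + 4:pos + 6], "big")
            pos += 4 + ext_len
    return VERSIONS.get(version, hex(version))

def sample_server_hello(legacy_version: int, extensions: bytes = b"") -> bytes:
    """Build a constructed ServerHello record for the demo (not real traffic)."""
    hello = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"
    hello += b"\xc0\x2f" + b"\x00"                # cipher suite, compression
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    tls13_ext = struct.pack("!HHH", 43, 2, 0x0304)
    for record in (sample_server_hello(0x0303),
                   sample_server_hello(0x0303, tls13_ext),
                   sample_server_hello(0x0301)):
        print(negotiated_version(record))
```

A result other than "TLS 1.2" for the server's ServerHello means the two ends did not settle on TLS 1.2, regardless of the version shown in the record header.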
