Securing Communication over TLS 1.2 - IDM Linux Fanout Driver

  • 7024871
  • 19-Oct-2020
  • 19-Oct-2020

Environment

Identity Manager Driver - Linux and UNIX - Fan Out
Platform Agents
Core Driver

Situation

Security Requirements for TLS 1.2 Communication between Platform agents and Core Driver

Resolution

Recent versions of both the Core Driver and the Platform Agent are required for TLS 1.2 communication.
By default the Core Driver and Platform Agent communicate over TLS 1.2 when both ends support it.

At the time of writing this TID, the lowest combination tested that communicated over TLS 1.2 was:

IDM Engine - 4.6.2
Core Driver - novell-DXMLfandrv-4.0.3.1-201704111424
Platform Agent - 3.6.1.29

This combination successfully communicated over TLS 1.2, and it is assumed that later versions of any of the above components continue to do so.

Confirmation can be obtained by analyzing a LAN trace of the communication.
For example, at either the Platform Agent or the Core Driver end, a trace can be taken with "tcpdump -i any port 3451 -s 0 -w nameoftrace.cap"
and analyzed to determine which protocol version was actually negotiated. Below is a capture of the traffic viewed in Wireshark.
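Added example, not from the TID and not part of the driver or agent code: a small Python parser that reads the ClientHello and ServerHello out of a TLS handshake and reports the version the server selected. It works on the reassembled TCP payload of the port 3451 connection (assumption: you export that stream from the tcpdump capture yourself, for instance as raw bytes from Wireshark's Follow TCP Stream; the parser does not read pcap files). The sample byte strings in the block are constructed for the example, not taken from a real Fanout Driver trace. The point it illustrates is the check a reviewer of the trace actually needs: the record-layer version on the ClientHello is commonly 0x0301 regardless of what the client supports, so the field that proves TLS 1.2 is the version inside the ServerHello.

```python
import struct

# Added example (not from the TID): parse the TLS handshake out of a captured
# byte stream and report which protocol version the server actually selected.
# Input is the reassembled TCP payload of the agent <-> core driver connection
# (assumption: exported from the tcpdump .cap by hand; no pcap parsing here).

TLS_HANDSHAKE = 0x16          # record content type: handshake
CLIENT_HELLO = 1
SERVER_HELLO = 2
VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def tls_records(stream):
    """Yield (content_type, record_version, payload) for each TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, rver, length = struct.unpack("!BHH", stream[off:off + 5])
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record at offset %d" % off)
        yield ctype, rver, payload
        off += 5 + length


def handshake_messages(payload):
    """Yield (handshake_type, body) for each handshake message in a record payload."""
    off = 0
    while off + 4 <= len(payload):
        htype = payload[off]
        hlen = int.from_bytes(payload[off + 1:off + 4], "big")
        body = payload[off + 4:off + 4 + hlen]
        if len(body) != hlen:
            raise ValueError("truncated handshake message")
        yield htype, body
        off += 4 + hlen


def hello_versions(stream):
    """Return the version fields seen in the ClientHello and ServerHello.

    The record-layer version wrapping the ClientHello is often 0x0301 for
    compatibility no matter what the client supports, so it must not be used
    to judge the connection. The version the session runs at is the one in
    the ServerHello body. (Caveat: a TLS 1.3 server also writes 0x0303 there
    and signals 1.3 in the supported_versions extension, which this example
    does not parse; the TID only concerns TLS 1.2.)
    """
    seen = {"client_record": None, "client_hello": None, "server_hello": None}
    for ctype, rver, payload in tls_records(stream):
        if ctype != TLS_HANDSHAKE:
            continue
        for htype, body in handshake_messages(payload):
            if htype == CLIENT_HELLO:
                seen["client_record"] = rver
                seen["client_hello"] = struct.unpack("!H", body[:2])[0]
            elif htype == SERVER_HELLO:
                seen["server_hello"] = struct.unpack("!H", body[:2])[0]
    return seen


def negotiated_version(stream):
    """Human-readable version chosen by the server, or None if no ServerHello was seen."""
    v = hello_versions(stream)["server_hello"]
    if v is None:
        return None
    return VERSION_NAMES.get(v, "unknown 0x%04x" % v)


# --- constructed sample handshakes (not real captures) ---------------------

def _record(htype, body, record_version):
    hs = bytes([htype]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + struct.pack("!HH", record_version, len(hs)) + hs


def _client_hello(version):
    # version, 32-byte random (zeroed here), empty session id,
    # one cipher suite (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), null compression
    return (struct.pack("!H", version) + bytes(32) + b"\x00"
            + b"\x00\x02\xc0\x2f" + b"\x01\x00")


def _server_hello(version):
    # version, 32-byte random, empty session id, chosen suite, null compression
    return struct.pack("!H", version) + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"


# Both ends current: client offers 1.2 inside a 1.0-framed record, server picks 1.2.
SAMPLE_TLS12 = (_record(CLIENT_HELLO, _client_hello(0x0303), 0x0301)
                + _record(SERVER_HELLO, _server_hello(0x0303), 0x0303))

# One end down-level: the server can only answer with TLS 1.0.
SAMPLE_TLS10 = (_record(CLIENT_HELLO, _client_hello(0x0303), 0x0301)
                + _record(SERVER_HELLO, _server_hello(0x0301), 0x0301))


if __name__ == "__main__":
    for name, s in (("current", SAMPLE_TLS12), ("down-level", SAMPLE_TLS10)):
        print(name, hello_versions(s), "->", negotiated_version(s))
```

In Wireshark the same check is the Version field of the Server Hello handshake message in the port 3451 stream, not the Version column shown for the Client Hello record. With a Wireshark 3.x tshark the equivalent one-liner is "tshark -r nameoftrace.cap -Y "tls.handshake.type == 2" -T fields -e tls.handshake.version" (older releases name the fields ssl.* instead of tls.*).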