Securing Certificate Server of Identity Management server against SWEET32
Issue
- SSL/TLS cipher suites that use 3DES present a security weakness (64-bit block size cipher suites, SWEET32)
- Red Hat has advised completely disabling DES/3DES ciphers [1]
- IdM server was initially installed on RHEL 7.4 or earlier
- A network scanner discovered that the Certificate Server (CS) of IdM supported the vulnerable cipher
- Need to secure CS of IdM server against the weakness
- The vulnerability is still present even after upgrading to RHEL 7.5 or later
Environment
- Red Hat Enterprise Linux (RHEL) 7.4 or earlier
- Red Hat Identity Management (IdM) / FreeIPA