Wiki Markup | |
---|---|
Panel | |
|
Security Refresh (OpenSSL 1.02f)
...
Universal
...
Agent
...
6.3.0.1
...
implements
...
the
...
latest
...
OpenSSL
...
toolkit
...
for
...
Transport
...
Layer
...
Security
...
(TLS)
...
and
...
Secure
...
Sockets
...
Layer
...
(SSL)
...
protocols.
...
This
...
ensures
...
that
...
the
...
Universal
...
Agent
...
and
...
it's
...
components
...
have
...
the
...
latest
...
security
...
fixes
...
available.
...
This
...
implementation
...
introduces
...
several
...
new
...
and
...
stronger
...
cipher
...
suites
...
for
...
encrypting
...
control
...
and
...
data
...
sessions.
...
Cipher
...
suite
...
defaults
...
for
...
new
...
installs
...
have
...
also
...
been
...
updated
...
to
...
reflect
...
changes
...
in
...
security
...
encryption
...
standards.
...
Existing
...
users
...
who
...
are
...
upgrading
...
from
...
older
...
Universal
...
Agent
...
versions
...
will
...
not
...
have
...
their
...
defaults
...
automatically
...
updated
...
and
...
should
...
consider
...
reviewing
...
these
...
to
...
ensure
...
that
...
any
...
corporate
...
security
...
standards
...
are
...
complied
...
with.
...
New Cipher Suites
The following new SSL Cipher Suites have been made available:
- AES128-GCM-SHA256
...
- -
...
- 128-bit
...
- AES
...
- encryption
...
- in
...
- Galois
...
- Counter
...
- Mode,
...
- SHA-2
...
- 256-bit
...
- message
...
- digest.
...
- AES256-GCM-SHA384
...
- -
...
- 256-bit
...
- AES
...
- encryption
...
- in
...
- Galois
...
- Counter
...
- Mode,
...
- SHA-2
...
- 384-bit
...
- message
...
- digest.
...
Note title Note RC4_*
...
and
...
DES_*
...
SSL
...
cipher
...
suites
...
will
...
be
...
deprecated
...
in
...
a
...
future
...
release
...
of
...
Universal
...
Agent.
...
Configuration File Security Changes
Universal Agent configuration files default access rights have been changed to owner and group read only.
Universal Encrypt Enhancements
The –aes option for uencrypt now defaults to yes, meaning that encrypted files will be by default use AES 256 bit encryption, previously the default was no which used DES 56 bit encryption. If customers do not supply their own key (-k option) an internal key is used for the encryption, this has been expanded to a 32 bit key. This means that Agent versions prior to 6.3.0.1
...
will
...
not
...
be
...
able
...
to
...
use
...
uencrypted
...
files
...
generated
...
with
...
the
...
new
...
defaults,
...
this
...
affects
...
managers
...
(ucmd,
...
udm,
...
etc)
...
and
...
the
...
Universal
...
Controller
...
CLI.
...
A
...
new
...
legacy
...
option
...
for
...
the
...
–aes
...
option
...
will
...
force
...
the
...
new
...
version
...
to
...
use
...
the
...
old
...
internal
...
key
...
to
...
maintain
...
backward
...
compatibility.
...
Universal Data Mover Peer Authentication
UDM now supports peer authentication. This allows a UDM manager to validate the identity via host-name and/or serial number of a remote Universal Broker certificate. Support has been added for both 2 party and 3rd party transfers.
SAP Process Chain Restart Enhancements
A USAP command ID can now be associated with an SAP process chain instance to facilitate a simplified restart process for failed SAP Process Chains.