Security Refresh (OpenSSL 1.02f)

Universal Agent 6.3.0.1 implements the latest OpenSSL toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. This ensures that the Universal Agent and its components have the latest security fixes available. This implementation introduces several new and stronger cipher suites for encrypting control and data sessions. Cipher suite defaults for new installs have also been updated to reflect changes in security encryption standards. Existing users who are upgrading from older Universal Agent versions will not have their defaults automatically updated and should consider reviewing these to ensure that any corporate security standards are complied with.

New Cipher Suites

The following new SSL Cipher Suites have been made available:

  • AES128-GCM-SHA256 - 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.
  • AES256-GCM-SHA384 - 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.

Note: RC4_* and DES_* SSL cipher suites will be deprecated in a future release of Universal Agent.

Configuration File Security Changes

The default access rights for Universal Agent configuration files have been changed to owner and group read only.
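For the upgrade review suggested above, the following added example (not from the original page and not Stonebranch code) checks a configuration file for access rights beyond owner and group read and for RC4/DES entries in its cipher lists. The `*ssl_cipher_list` keyword pattern, the comma-separated "keyword value" layout and the sample text are assumptions; adjust them to your own files.

```python
import os
import re
import stat

NEW_SUITES = {"AES128-GCM-SHA256", "AES256-GCM-SHA384"}  # listed on this page
DEPRECATED = ("RC4-", "DES-")  # the page's RC4_* and DES_* families
# Assumption: cipher lists are "keyword value" lines whose keyword ends in
# ssl_cipher_list, with comma-separated suite names. Adjust for your files.
CIPHER_LINE = re.compile(r"^\s*(\w*ssl_cipher_list)\s*[=\s]\s*(\S.*)$", re.I)


def audit_ciphers(text):
    """Return (lineno, keyword, deprecated_suites, has_new_suite) per list."""
    results = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        match = CIPHER_LINE.match(raw.split("#", 1)[0])  # ignore comments
        if not match:
            continue
        suites = [s.strip().upper().replace("_", "-")
                  for s in match.group(2).split(",") if s.strip()]
        old = [s for s in suites if s.startswith(DEPRECATED)]
        results.append((lineno, match.group(1), old,
                        bool(NEW_SUITES.intersection(suites))))
    return results


def audit_file(path):
    """Audit one file: mode bits beyond 0o440 plus its cipher-list findings."""
    extra = stat.S_IMODE(os.stat(path).st_mode) & ~0o440
    with open(path, encoding="utf-8", errors="replace") as handle:
        return {"extra_mode_bits": oct(extra),
                "ciphers": audit_ciphers(handle.read())}


# Constructed sample for this example, not a shipped configuration file.
SAMPLE = """\
# upgraded install that kept its old cipher defaults (hypothetical)
data_ssl_cipher_list RC4-SHA,DES-CBC-SHA,AES256-SHA
ctl_ssl_cipher_list AES256-GCM-SHA384,AES128-GCM-SHA256
"""

if __name__ == "__main__":
    for lineno, key, old, has_new in audit_ciphers(SAMPLE):
        print(f"line {lineno}: {key}: deprecated={old} new_gcm_suite={has_new}")
```

An `extra_mode_bits` value other than `0o0` means the file grants more than owner and group read.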

Universal Encrypt Enhancements

The -aes option for uencrypt now defaults to yes, meaning that encrypted files will by default use AES 256 bit encryption; previously the default was no, which used DES 56 bit encryption. If customers do not supply their own key (-k option), an internal key is used for the encryption; this has been expanded to a 32 bit key. This means that Agent versions prior to 6.3.0.1 will not be able to use uencrypted files generated with the new defaults; this affects managers (ucmd, udm, etc) and the Universal Controller CLI. A new legacy option for the -aes option will force the new version to use the old internal key to maintain backward compatibility.

Universal Data Mover Peer Authentication

UDM now supports peer authentication. This allows a UDM manager to validate the identity of a remote Universal Broker via the host name and/or serial number of its certificate. Support has been added for both 2 party and 3rd party transfers.

SAP Process Chain Restart Enhancements

A USAP command ID can now be associated with an SAP process chain instance to facilitate a simplified restart process for failed SAP Process Chains.