
KB-11471: How to configure network encryption types Ciphers on CPS on-prem Connectors

Privileged Access Service

15 December,18 at 12:23 AM

Question: How to configure network encryption types Ciphers on CPS on-prem Connectors?

Answer

Please follow the instructions below.

1. Log in to the Admin Portal.

2. Navigate to Settings > Customization > Advanced Configuration and add the following keys to reconfigure the values. Note that I provided the default set of values and a pared-down set of values which addresses the security vulnerability in our QA testing. Customers can add or remove values as needed.

a) Key: Cps.NativeSshEncryptionAlgorithms

Default set of values when the above key is not added (this set includes some insecure types): aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,arcfour256,arcfour128,arcfour,cast128-cbc,aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com

Pared-down set of values to address the security vulnerability: aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com

b) Key: Cps.NativeSshMacAlgorithms

Default set of values when the above key is not added (this set includes some insecure types): hmac-sha1,hmac-md5,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256-96,hmac-sha2-512-96,hmac-ripemd160-96

Pared-down set of values to address the security vulnerability: hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160

3. After the keys are added, restart the Connectors.

Note: This feature is only available in 18.9 or newer. 
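
The following is an added example, not part of the original article or of the product's tooling: a pre-flight check for a customized value before it is pasted into Advanced Configuration. The algorithm lists are copied from this article; the function names and the rule that any name outside the default list is treated as unknown are assumptions of the example.

```python
# Added example: lists copied from the KB article; the checking logic is hypothetical.
DEFAULTS = {
    "Cps.NativeSshEncryptionAlgorithms": (
        "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,"
        "3des-ctr,3des-cbc,blowfish-cbc,arcfour256,arcfour128,arcfour,cast128-cbc,"
        "aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com"),
    "Cps.NativeSshMacAlgorithms": (
        "hmac-sha1,hmac-md5,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,"
        "hmac-sha1-96,hmac-md5-96,hmac-sha2-256-96,hmac-sha2-512-96,hmac-ripemd160-96"),
}
PARED_DOWN = {
    "Cps.NativeSshEncryptionAlgorithms": (
        "aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr,"
        "aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com"),
    "Cps.NativeSshMacAlgorithms": "hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160",
}

def removed(key):
    """Algorithms in the default list that the pared-down list drops, in default order."""
    keep = set(PARED_DOWN[key].split(","))
    return [a for a in DEFAULTS[key].split(",") if a not in keep]

def check_value(key, value):
    """Return a list of (entry, problem) findings for a proposed key value."""
    known, dropped = set(DEFAULTS[key].split(",")), set(removed(key))
    findings, seen = [], set()
    for raw in value.split(","):
        name = raw.strip()
        if raw != name or not name:
            findings.append((raw, "whitespace or empty entry"))
        if not name:
            continue
        if name in seen:
            findings.append((name, "duplicate"))
        seen.add(name)
        if name not in known:  # assumption: names outside the default list are unknown
            findings.append((name, "not in the article's default list"))
        elif name in dropped:
            findings.append((name, "dropped by the pared-down list"))
    return findings

if __name__ == "__main__":
    for key in DEFAULTS:
        print(key, "drops:", ", ".join(removed(key)))
    # Constructed sample value with a stray space, a CBC cipher and a misspelled name.
    sample = "aes256-ctr, aes128-ctr,aes256-cbc,aes256-gmc@openssh.com"
    for finding in check_value("Cps.NativeSshEncryptionAlgorithms", sample):
        print(finding)
```

An empty result from `check_value` means every entry appears in the article's pared-down list for that key.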
