Stronger SSL options with ALM and SSL/TLS?

  • Questions
  • Stronger SSL options with ALM and SSL/TLS?
Question ID: 108042
0
0

Our scanner has found that ALM is running SSL with weak protocols and ciphers such as SSL Version 2 and 3 Protocol Detection, SSL 64-bit Block Size Cipher Suites Supported (SWEET32) and SSL RC4 Cipher Suites Supported (Bar Mitzvah).

How can we edit the configuration to fix these 3 items. Our tool says to "Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support."

Marked as spam
Posted by (Questions: 74, Answers: 4)
Asked on December 19, 2017 6:43 pm
18 views
Answers (1)
0
Private answer

HPE/Microfocus does NOT recommend attempting to change the SSL/TLS protocols or ciphers directly under ALM.

Currently, the ALM versions which support (limited support) TLS 1.2 are ALM 12/50 Patch 5 and 12.55 however these versions have some limitations: (see below from 12.50-P5/12.55 Readme)

++++++++++++

12.50 P5 and 12.55:
TLS 1.2 Limitations

* Lab Host: Lab Host is not supported when ALM is configured with TLS 1.2.

* ALM Webgate Customization tool: If an external tool (e.g., UFT, Load Runner, Business Views Excel reports) is using the ALM Webgate Customization tool, TLS 1.2 is not supported when logging in to ALM.

* Excel add-in: .NET 4.5 is a prerequisite for working with TLS 1.2.

++++++++++++

Therefore, regrettably there is not yet any ALM version which has full support for TLS 1.2.

Marked as spam
Posted by (Questions: 3, Answers: 466)
Answered on December 19, 2017 6:53 pm