Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm Post: 302979177

Sponsored Content

Operating Systems Solaris Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm Post 302979177 by jim mcnamara on Wednesday 10th of August 2016 12:19:27 PM

08-10-2016

Registered User

what version of Solaris has this issue? If you patched the system regularly this this was resolved in 2009.

These patches fix the problem:

Code:

Sparc:
    Solaris 9 without patch 122300-38
    Solaris 10 without patch 140774-02

x86 Platform:

    Solaris 9 without patch 122301-38
    Solaris 10 without patch 140775-02

If you have Oracle support contact them for help. You will have to have support anyway to get access to any patches. I do not think V9 patches are available anymore - maybe someone else knows more about v9 patches. At any rate the correct way to fix these issues is with a patch.

If I understand correctly:
You do not want to disable encryption. Period. Unless a misguided auditor tells you to do this in writing. You could be out of a job quickly.
Here is why: ssh may not talk to any other ssh client or server. The sshd.conf file specifies what encryption you use - the default for Solaris 10 was AES128, IRRC, for example.

So what Solaris version do you have, please show the output of:

Code:

uname -a
cat /etc/release

jim mcnamara

View Public Profile for jim mcnamara

Find all posts by jim mcnamara

7 More Discussions You Might Find Interesting

1. Cybersecurity

MD5 to DES encryption

Is it possible to change the type of encryption from MD5 to DES without removing a user? Way back when this server was created, users were created with the MD5 encryption. Now, all users created with DES encryption. Is it possible to just change the type of password encryption? Users using...

2. AIX

How to disable encryption below 128 bit in Websphere ?

Hi, Hi I have setup Websphere Portal and Apache server on Solaris. The problem is that clients are allowed to negotiate lower encryption levels and by default the Websphere Apache HTTP server accepts 56-bit keys (your Firefox client requested 256-bit AES below). So How to disable...

3. Solaris

md5 encryption on solaris 8

is there patches enable passwords of greater than 8 characters with only md5 encryption (rather than the older crypt) for solaris 8. I am migrating a number of solaris 8 domains to branded zones.

4. Cybersecurity

How to Disable Ciphers and Reconfigure Encryption?

Hello, I recently had a Retina scan of my system and there are some findings I do not understand. SSL Week Cipher Strength Supported - Retina has detected that the targeted SSL Service supports a cryptographically weak cipher strength... Disable ciphers that support less than 128-bit...

5. Cybersecurity

File encryption tools with MAC address as an encryption key

Hi all, I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS. For example: when A wants to send file to B A will encrypt the file with B's computer MAC/IP address as an encryption key This file can only be decrypted...

6. Solaris

Solaris 8 MD5 encryption support

Hi, I did some NIS migration tests recently. The target is to migrate the NIS server from Solaris 8 to Redhat Linux 6.5. And, I found there are encryption issues while Linux NIS using MD5 hashing password for authentication whereas Solaris 8 clients using DES encryption. It causes issues...

7. UNIX for Advanced & Expert Users

Disabling CBC Cipher mode causes login problems

Hi, As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption. To do this, in sshd_config I comment out these lines : Ciphers aes128-cbc,blowfish-cbc,3des-cbc MACS hmac-sha1,hmac-md5 and add...

LEARN ABOUT LINUX

edit-patch

EDIT-PATCH(1)                                                 General Commands Manual                                                EDIT-PATCH(1)

NAME

       edit-patch, add-patch - tool for preparing patches for Debian source packages

SYNOPSIS

       edit-patch path/to/patch

       add-patch path/to/patch

DESCRIPTION

       edit-patch is a wrapper script around the Quilt, CDBS, and dpatch patch systems. It simplifies the process of preparing and editing patches
       to Debian source packages and allows the user to not have to be concerned with which patch system is in use.   Run  from  inside  the  root
       directory of the source package, edit-patch can be used to edit existing patches located in debian/patches.

       It can also be used to incorporate new patches.  If pointed at a patch not already present, it will copy the patch to debian/patches in the
       correct format for the patch system in use.  Next, the patch is applied and a subshell is opened in order to edit the patch.   Typing  exit
       or pressing Ctrl-d will close the subshell and launch an editor to record the debian/changelog entry.

       edit-patch  is  integrated  with  the  Bazaar  and Git version control systems.  The patch will be automatically added to the tree, and the
       debian/changelog entry will be used as the commit message.

       If no patch system is present, the patch is applied inline, and a copy is stored in debian/patches-applied.

       add-patch is the non-interactive version of edit-patch.  The patch will be incorporated but no editor or subshell will be spawned.

AUTHORS

       edit-patch was written by Daniel Holbach <daniel.holbach@canonical.com>,  Michael  Vogt  <michael.vogt@canonical.com>,  and  David  Futcher
       <bobbo@ubuntu.com>.

       This manual page was written by Andrew Starr-Bochicchio <a.starr.b@gmail.com>.

       Both are released under the terms of the GNU General Public License, version 3.

DEBIAN                                                           Debian Utilities                                                    EDIT-PATCH(1)