You are accessing information about a product or version that is no longer supported. Please refer to the Product Life Cycle page for information about the migration path and currently supported products.
Checking the SSL ciphers suites used by RSA Authentication Manager 8.2-8.7 SP2
Originally Published: 2017-09-03
Article Number
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2 up to and including 8.7 SP2
Issue
Resolution
RSA Authentication Manager 8.x use Oracle WebLogic for HTTPS services such as the Security Console, Operations Console & Operations Console however there are other ports used by other services that use cipher suites.
The Oracle WebLogic configuration file called config.xml located in the /opt/rsa/am/server/config folder defines the ciphers suites used by Oracle Web Logic.
A third-party utility called the Nmap Security Scanner found at URL https://nmap.org/ can be used to check the ciphers suites used by RSA Authentication Manager 8.x. This utility has Zenmap which is the official Nmap Security Scanner Graphical User Interface for a number of platforms (Linux, Windows, Mac OS, BSD, etc.).
Usage:
nmap -sV --script ssl-enum-ciphers <host>
nmap -sV --script ssl-enum-ciphers -p <port> <host>
nmap -sV --script ssl-enum-ciphers -p <port> <host>
Example:
nmap -sV --script ssl-enum-ciphers 192.168.100.140
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp192r1)
| - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(secp192r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(secp192r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp192r1)
| - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
(secp192r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(secp192r1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange (secp192r1) of lower strength
than certificate key
|_ least strength: A
MAC Address: 00:50:56:04:1E:20 (VMware)
Service Info: OS: Windows; CPE: cpe:/
o:microsoft:windows
Service detection performed. Please report any
incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 82.56
seconds
