9.3 On Satellite Servers

To address the SWEET32 vulnerability on the Satellite Servers, exclude the following set of ciphers in the zenworks-ssl.conf file. Manually create the zenworks-ssl.conf file in the following locations:

  • On Windows: ZENworks install path/novell/zenworks/conf/

  • On Linux: /etc/opt/novell/zenworks/conf/

Add the ExcludeCipherSuites key name in the zenworks-ssl.conf file. The key name should not be modified:

ExcludeCipherSuites=SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

NOTE:By default ciphers are not excluded to address the SWEET32 vulnerability, as the communication breaks between agents with Windows XP and Satellite Servers.

IMPORTANT:Fixing the SWEET32 vulnerability requires to remove weak ciphers. This causes older Windows versions to have less or no common ciphers to establish communication with the server. Hence, fixing SWEET32 vulnerability issue breaks communication from Windows XP or Windows 2003 devices.