Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84865members
354358posts

TLS protocol version used for connecting to StruxureWare Data Center Expert?

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

greg.diel
Cadet
0 Likes
4
411

TLS protocol version used for connecting to StruxureWare Data Center Expert?

Hello all.  I have searched around in here looking for a specific answer but have not been able to locate anything.  Does anyone know what specific version of TLS is used for the SSL connection when connecting to the server from the client software.

 

We are currently running DCE 7.4.1.5 and I am in the process of getting a new VM deployed to drop the 7.9.0.192 OVA onto and build from scratch. 

 

TLS version is one of the items on our security checklist and i cannot find any documentation of protocol version, TLS 1.2 or TLS 1.3.  Does anyone know?

Tags (1)
4 Replies 4
JLehr
Lt. Commander Lt. Commander
Lt. Commander
0 Likes
3
401

Re: TLS protocol version used for connecting to StruxureWare Data Center Expert?

Hi @greg.diel,

 

There are changes in the DCE 7.9.0 UI as documented in the DCE 7.9.0 release notes:

 

The SSL option in the Server Access > Web server tab was removed. Private proxy and web server SSL/TLS are now included in a security policy you select.

 

The System > Server Administration Settings > Server Access option now includes a Security Policy tab. You select one of the cryptographic policies supported by the Data Center Expert server:

 

  • Future: Experimental. Most restrictive to withstand near-term future attacks
  • Default: Secure settings for current threat models
  • Legacy: Least restrictive for maximum compatibility
  • DCE: Recommended. Custom policy, less restrictive than Default and more restrictive than Legacy

The DCE policy is selected by default. The DCE policy is similar to the LEGACY policy except that it does not allow any RC4 or 3DES based ciphers.

These policies are applied consistently to running services and are kept up-to-date as part of Data Center Expert software updates.

 

See the documentation for security policy definitions from Red Hat here.

 

The latest version of DCE is 7.9.1. The DCE 7.9.1 release notes are here.

 

You might also find the DCE Sizing guide helpful.

 

Best,

 

Jackie

Tags (1)
greg.diel
Cadet
0 Likes
2
364

Re: TLS protocol version used for connecting to StruxureWare Data Center Expert?

Thanks you for those links however I couldn't find any documentation that specifically calls out what version of TLS is used.  We have a security checklist that requires that information.

 

  1. Data in TRANSIT. All Restricted and Confidential data must be encrypted in transit. 

 

What TLS version(s) is in use?

☐  TLS 1.2

☐  TLS 1.3

☒  Other: 

  • What cipher is used? (e.g. AES)
  • What is the key length? (e.g. 256-bit)

 

Anyone have any idea where this is documented?

Tags (1)
Shaun
Lt. Commander Lt. Commander
Lt. Commander
0 Likes
1
358

Re: TLS protocol version used for connecting to StruxureWare Data Center Expert?

Hi @greg.diel 

 

These are the cipher suites currently in use in 7.9.1 - the four policies can be selected from in the DCE client.

These can and will change in the future, by design, so this information will age, and is only tested against the currently released 7.9.1.

 

Default vs DCE - it's worth being clear on the naming here, Default is the name of RedHat's default policy.  DCE is the DCE's default policy.  So the policy named Default is not the out-of-the-box default.

 

These tables are the result of in-situ testing.  I don't know if we have this formally documented anywhere, and I wouldn't want to commit to it until I've automated producing these tables.

 

  Future Default DCE Legacy
TLSv1.2 Y Y Y Y
TLSv1.1     Y Y
TLSv1.0     Y Y

 

  Future Default DCE Legacy
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
      Y
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  Y Y Y
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  Y Y Y
TLS_DHE_RSA_WITH_AES_128_CCM
  Y Y Y
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  Y Y Y
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  Y Y Y
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  Y Y Y
TLS_DHE_RSA_WITH_AES_256_CCM
Y Y Y Y
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Y Y Y Y
 
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Y Y Y Y
 
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
      Y
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  Y Y Y
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  Y Y Y
 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  Y Y Y
 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  Y Y Y
 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Y Y Y Y
 
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Y Y Y Y
 
TLS_ECDHE_RSA_WITH_RC4_128_SHA
      Y
 
TLS_RSA_WITH_3DES_EDE_CBC_SHA
      Y
 
TLS_RSA_WITH_AES_128_CBC_SHA
  Y Y Y
 
TLS_RSA_WITH_AES_128_CBC_SHA256
  Y Y Y
 
TLS_RSA_WITH_AES_128_CCM
  Y Y Y
 
TLS_RSA_WITH_AES_128_GCM_SHA256
  Y Y Y
 
TLS_RSA_WITH_AES_256_CBC_SHA
  Y Y Y
 
TLS_RSA_WITH_AES_256_CBC_SHA256
  Y Y Y
 
TLS_RSA_WITH_AES_256_CCM
  Y Y Y
 
TLS_RSA_WITH_AES_256_GCM_SHA384
  Y Y Y
TLS_RSA_WITH_RC4_128_SHA
 
      Y

 

Tags (1)
Nelson84654
Crewman
Crewman
0 Likes
0
320

Re: TLS protocol version used for connecting to StruxureWare Data Center Expert?

Have you found a solution for this, I have exactly the same.

Tags (1)