Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
Link copied. Please paste this link to share this article on your social media post.
📖 Home Back
ClearSCADA uses a SSL server that supports a number of ciphers including the Null cipher (TLS_RSA_WITH_NULL_SHA and TLS_RSA_WITH_NULL_MD5). The Null ciphers are a 0-bit SSL cipher which do not provide encryption for any connection using the cipher and, depending on the environment, could be the negotiated cipher used for the 'secure' communications between WebX and the ClearSCADA server. The result of this is that any network traffic is transmitted in plain text and could be eavesdropped.
It is possible to disable the Null ciphers in ClearSCADA using the following procedure:
1. In the ClearSCADA Server Configuration pointing to all your WebX servers log in to each server as a ClearSCADA user with System Administration priviledges
2. Select the 'Registry' settings.
3. Modify the two keys (as indicated in the screen shots below in red) and apply the changes.
may3_12_1.jpgmay3_12_1.jpg
may3_12_2.jpgmay3_12_2.jpg
4. Restart ClearSCADA on the relevant servers for the changes to take effect.
By disabling the two Null ciphers, should the client fail to negotiate any of the more secure ciphers, it will not fall back to Null cipher and will instead show an error to the end-user.
Go: Home Back
Problem
ClearSCADA uses a SSL server that supports a number of ciphers including the Null cipher (TLS_RSA_WITH_NULL_SHA and TLS_RSA_WITH_NULL_MD5). The Null ciphers are a 0-bit SSL cipher which do not provide encryption for any connection using the cipher and, depending on the environment, could be the negotiated cipher used for the 'secure' communications between WebX and the ClearSCADA server. The result of this is that any network traffic is transmitted in plain text and could be eavesdropped.
Solution
It is possible to disable the Null ciphers in ClearSCADA using the following procedure:
1. In the ClearSCADA Server Configuration pointing to all your WebX servers log in to each server as a ClearSCADA user with System Administration priviledges
2. Select the 'Registry' settings.
3. Modify the two keys (as indicated in the screen shots below in red) and apply the changes.
may3_12_1.jpgmay3_12_1.jpgmay3_12_2.jpgmay3_12_2.jpg
4. Restart ClearSCADA on the relevant servers for the changes to take effect.
By disabling the two Null ciphers, should the client fail to negotiate any of the more secure ciphers, it will not fall back to Null cipher and will instead show an error to the end-user.
Go: Home Back
Author
Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.