Cisco Bug: CSCuq55666 - Cluster communication should not rely only on CBC ciphers

Last Modified

Aug 31, 2020

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

11.1.0-131, 8.0.2-055, 8.5.6-092, 9.7.1-066

Description (partial)

Symptom:
ESA cluster members use CBC ciphers (aes-cbc, 3des-cbc or blowfish-cbc) to communicate with each other in the cluster. If the customer tries to remove them under sshconfig -> sshd, the ESAs will not be able to join the cluster.
Error presented: 'Unexpected EOF on connect'

Because of this restriction, the customer's vulnerability tests are failing due to CVE-2008-5161.

Conditions:
ESAs cannot join cluster if aes-cbc, 3des-cbc and blowfish-cbc ciphers are removed from the list of SSH ciphers.