Cisco Bug: CSCuq55666 - Cluster communication should not rely only on CBC ciphers
Nov 27, 2020
- Cisco IronPort Email Security Appliance Software
Known Affected Releases
11.1.0-131 8.0.2-055 8.5.6-092 9.7.1-066
Symptom: ESAs in a cluster use CBC ciphers (aes-cbc, 3des-cbc or blowfish-cbc) to communicate with each other. If a customer tries to remove them under sshconfig -> sshd, the ESAs will not be able to join the cluster. Error presented: 'Unexpected EOF on connect'. Because of this restriction, the customer's vulnerability tests are failing due to CVE-2008-5161.
Conditions: ESAs cannot join the cluster if the aes-cbc, 3des-cbc and blowfish-cbc ciphers are removed from the list of SSH ciphers.