Summary

When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082. 

Products Affected

Brocade SANnav before v2.3.0a

Solution

The security update is provided in Brocade v2.3.1, v2.3.0a, and later releases.

Workaround

Manually remove the ciphers in configuration files.
AES256+EECDH
AES256+EDH
TLS_DHE_RSA_WITH_AES_128_CBC_SHA         
TLS_DHE_RSA_WITH_AES_256_CBC_SHA        
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA    
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA    

Contact your service provider for assistance in manually removing the ciphers. 

Credit

DELL reported the issue to Brocade.

 Revision History

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.