Troubleshooting
Problem
When running show ssl ciphers command in the Guardium CLI after installing p6007 you see the message: The cipherlist was corrupt and has been reset to DEFAULT: AES256-SHA, DES-CBC3-SHA,AES128-SHA,RC4-SHA,RC4-MD5 These changes will only take effect after the inspection core is restarted ('restart inspection-core')
Cause
Install of p6007 should update the cipher list that Guardium can use for TLS connections. If it is not updated at this time the "show ssl ciphers" command will update it and display the above message.
Reasons for the cipher list to not update on the patch install could be:
- CLI window was not closed and reopened after install of p6007. In the p6007 release notes:
- Configuration backup taken before p6007 install was restored to appliance.
- "For this patch to take effect, after a successful installation, you must exit CLI and then log back into CLI. If this is not done, the requisite changes to CLI commands will not take effect."
Resolving The Problem
If you have seen the message above there is no longer a problem. Run "show ssl ciphers" again to verify the ciphers are correct. For example:
guardium1.ibm.com> show ssl ciphers
The inspection core is using the DEFAULT ciphers: AES256-SHA,DES-CBC3-SHA,AES128-SHA,RC4-SHA,RC4-MD5
ok
Related Information
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21902585