IBM Support

Guardium CLI show ssl ciphers message "The cipherlist was corrupt and has been reset to DEFAULT..."

Troubleshooting


Problem

When running show ssl ciphers command in the Guardium CLI after installing p6007 you see the message: The cipherlist was corrupt and has been reset to DEFAULT: AES256-SHA, DES-CBC3-SHA,AES128-SHA,RC4-SHA,RC4-MD5 These changes will only take effect after the inspection core is restarted ('restart inspection-core')

Cause

Install of p6007 should update the cipher list that Guardium can use for TLS connections. If it is not updated at this time the "show ssl ciphers" command will update it and display the above message.

Reasons for the cipher list to not update on the patch install could be:

  • CLI window was not closed and reopened after install of p6007. In the p6007 release notes:
      • "For this patch to take effect, after a successful installation, you must exit CLI and then log back into CLI. If this is not done, the requisite changes to CLI commands will not take effect."
  • Configuration backup taken before p6007 install was restored to appliance.

Resolving The Problem

If you have seen the message above there is no longer a problem. Run "show ssl ciphers" again to verify the ciphers are correct. For example:


guardium1.ibm.com> show ssl ciphers
The inspection core is using the DEFAULT ciphers: AES256-SHA,DES-CBC3-SHA,AES128-SHA,RC4-SHA,RC4-MD5
ok

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.1;9.0;8.2","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21902585

Page Feedback