Is there a way I can disable SSLv2 on my Audit nodes running iGateway? It is showing up as a vulnerability.

Document ID : KB000054185
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

The iGateway is a shared component among several different CA products. The updated version of iGateway has not been certified with all CA products. Please check with the individual CA products that you have installed on your machine before applying this new version of iGateway.

Note: This document assumes that you are only running CA Audit on a particular machine with no other CA products.

Solution:

Gateway version 4.5.0.7 and later provides support for disabling SSLV2. SSLv2 is the default setting for iGateway.

CA recommends only using iGateway 4.5 or above with Audit version R8 SP1 CR3. Please make sure that you check any other CA products that use the iGateway components on a particular machine and verify that component is supported with iGateway 4.5.

Should you have to upgrade Audit to install the updated iGateway, be aware that the Audit server components of Data Tools and Policy Manager should be upgraded before any Audit Client components.

You can download iGateway 4.5.0.7 from the link in this Technical Document. Unzip the iGateway_win32_4.5.0.7_Build081112.zip file, copy iGateway_win32_4.5.0.7_Build081112.exe to the server(s) where you need to upgrade iGateway and double click the .exe file to run the upgrade install.

Once you have upgraded iGateway to 4.5.0.7 (or if you are already running iGateway 4.5.0.7 or newer) please complete the following steps to configure iGateway to use your chosen SSL version.

  1. Stop CA iTechnology iGateway service.

  2. Edit the following tag in the iGateway.conf file (found in ....Program Files\CA\Shared Components\iTechnology directory):

    <secureProtocol></secureProtocol>

    Figure 1

  3. Add one of the following modes between the <secureProtocol></secureProtocol> tags:

    • SSLV2

    • SSLV3

    • SSLV23

    • TLSV1

      Figure 2

      Note: This example shows using the SSLv3 mode. The default when the <secureProtocol> tags are blank is SSLv2.

  4. Save the iGateway.conf file.

  5. Restart the CA iTechnology/iGateway service.
File Attachments:
TEC484038.zip