Several vulnerabilities have been reported with the use of the SSL version 3
protocol in web traffic where the same byte stream (cookie) is repeated many
times and thus can be used for statistical analysis, see CVE-2013-2566 and
The successor of the SSL version 3 protocol, TLS version 1.0, only includes minor
enhancements and the use of this protocol version is also not recommended.
Resolution / Workaround
Hotfix HFBM-0055 adds more detailed configuration options for the SSL/TLS protocol
used in the BoKS Manager GUI, httpsrv. Specifically, this hotfix makes it
possible to only allow a specific version of the SSL/TLS protocol.
The hotfix is available for download from the HelpSystems Community Portal.
The hotfix installation by default configures httpsrv to only allow
protocol version TLSv1.1 and cipher AES128-SHA.
The default configuration can be modified using the $BOKS_etc/ENV variables
HTTPSRV_TLSVER and HTTPSRV_CIPHERS.
HTTPSRV_TLSVER - Default 1.1. Valid values: 1.0, 1.1, 1.2.
HTTPSRV_CIPHERS - Default AES128-SHA. Examples of cipher specifications can be
found at https://www.openssl.org/docs/apps/ciphers.html.
Note 1: Valid cipher suites depend on the TLS protocol version.
Note 2: The server certificate in the BoKS Master host virtual card
uses an RSA key pair, thus only cipher suites for RSA
certificates can be used.
The default configuration requires use of a web browser that supports TLS
protocol version 1.1 to access the BoKS Manager GUI.
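One way to check HTTPSRV_TLSVER and HTTPSRV_CIPHERS against Note 1 and Note 2 before applying them, as an added example (not HelpSystems code). It assumes the ENV file holds NAME=value lines and classifies suites by their OpenSSL names, which is a heuristic; the function names and the sample input are hypothetical.

```python
# Added example: audit HTTPSRV_* settings taken from a $BOKS_etc/ENV file.
# Assumption: one NAME=value per line, "#" starts a comment.
DEFAULTS = {"HTTPSRV_TLSVER": "1.1", "HTTPSRV_CIPHERS": "AES128-SHA"}
VALID_VERSIONS = ("1.0", "1.1", "1.2")
# OpenSSL name markers: AEAD and SHA-2 suites exist only in TLS 1.2.
TLS12_ONLY = ("GCM", "CCM", "CHACHA20", "SHA256", "SHA384")
# Name tokens of suites that are not authenticated by an RSA certificate.
NON_RSA_CERT = {"ECDSA", "DSS", "ADH", "AECDH"}

def parse_env(text):
    """Return the two httpsrv settings, falling back to the hotfix defaults."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        name, sep, value = raw.split("#", 1)[0].strip().partition("=")
        if sep and name.strip() in DEFAULTS:
            settings[name.strip()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return a list of findings; an empty list means no problem was detected."""
    cfg, findings = parse_env(text), []
    ver = cfg["HTTPSRV_TLSVER"]
    if ver not in VALID_VERSIONS:
        findings.append(f"HTTPSRV_TLSVER={ver}: not one of {', '.join(VALID_VERSIONS)}")
    elif ver == "1.0":
        findings.append("HTTPSRV_TLSVER=1.0: TLS 1.0 is not recommended")
    for item in filter(None, cfg["HTTPSRV_CIPHERS"].split(":")):
        if item[0] in "!+-@" or "-" not in item:
            # Keywords such as HIGH or !aNULL cannot be judged by name alone.
            findings.append(f"{item}: keyword, expand it with 'openssl ciphers -v'")
            continue
        name = item.upper()
        if NON_RSA_CERT & set(name.split("-")):
            findings.append(f"{item}: not usable with the RSA server certificate")
        if ver in ("1.0", "1.1") and any(m in name for m in TLS12_ONLY):
            findings.append(f"{item}: needs TLS 1.2 but HTTPSRV_TLSVER={ver}")
    return findings

# Constructed sample input, not taken from a real BoKS installation.
SAMPLE_ENV = """\
HTTPSRV_TLSVER=1.1
HTTPSRV_CIPHERS=AES128-SHA:AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENV):
        print(finding)
```

A suite named explicitly can still be unavailable in the OpenSSL build that httpsrv uses, so an empty result is a necessary check, not a sufficient one.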