Environment
Novell Access Manager 3.1 Linux based Access Gateway Service on SLES 11
Novell Access Manager 3.1 Support Pack 3 applied
Situation
Access Manager is configured and working fine: users accessing protected resources on the
Linux based Access Gateway Service (AGS) can authenticate and get access to the applications.
However, when hitting a protected resource on the AGS, an error is returned that the AGS
does NOT support RFC 5746 on SSL renegotiations. This was supposedly addressed in Access Manager
3.1 SP3 for all components.
To duplicate:
a) Clear the Error Console messages in Firefox by clicking Tools -> Error
Console -> Clear.
b) Go to any URL on the AGS:
https://www.novell.com.com/passwordhelp/commercial/CreateAccount.aspx?sessionkey=604D73B8-9465-7CC2-A29E-C64EF7679168
c) Look at the error console and you will see multiple messages of the
following format:
www.novell.com : server does not support RFC 5746, see CVE-2009-3555
Resolution
Make sure that the SLES11 platform that the AGS is running on has the latest OpenSSL modules. In our case version 30.22 took care of the issue. The SLES11 SP1 patch would also have taken care of the issue, as it ships with:
libopenssl0_9_8-0.9.8h-30.30.1.x86_64.rpm
openssl-0.9.8h-30.30.1.x86_64.rpm
The AGS on Linux uses the OpenSSL libraries from the server itself. The Windows equivalent includes the OpenSSL binaries.
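
To confirm the fix from the server side rather than through the Firefox Error Console, the following script (an added example, not part of the original TID) compares the installed openssl package release against the 30.22 release mentioned above and classifies the renegotiation line printed by openssl s_client. The function names are hypothetical, and the script assumes an openssl client build that prints the "Secure Renegotiation" status line; otherwise it reports "unknown".

```shell
#!/bin/sh
# Added example, not part of the original TID.
MIN_RELEASE="30.22"   # 0.9.8h package release the TID reports as fixing it

# release_at_least HAVE WANT: succeed if dotted-numeric HAVE >= WANT.
# Only meaningful between releases of the same upstream version (0.9.8h).
release_at_least() {
    have=$1; want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}; w=${want%%.*}
        h=${h:-0}; w=${w:-0}
        [ "$h" -gt "$w" ] && return 0
        [ "$h" -lt "$w" ] && return 1
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

# reneg_status TEXT: classify captured `openssl s_client` output.
reneg_status() {
    case $1 in
        *"Secure Renegotiation IS NOT supported"*) echo unsupported ;;
        *"Secure Renegotiation IS supported"*)     echo supported ;;
        *) echo unknown ;;  # handshake failed or client prints no status line
    esac
}

# check_ags HOST: run on the AGS server (needs rpm and the openssl CLI).
check_ags() {
    rel=$(rpm -q --qf '%{RELEASE}' openssl) || return 2
    if release_at_least "$rel" "$MIN_RELEASE"; then
        echo "openssl release $rel: at or above $MIN_RELEASE"
    else
        echo "openssl release $rel: older than $MIN_RELEASE, update OpenSSL"
    fi
    out=$(openssl s_client -connect "$1:443" </dev/null 2>&1)
    echo "secure renegotiation on $1: $(reneg_status "$out")"
}

if [ "$#" -ge 1 ]; then check_ags "$1"; fi
```

Run it with the published DNS name of the AGS as the only argument. A result of "unsupported" after the package update suggests the gateway is still running with the old library loaded.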