Novell Home

My Favorites

Close

Please to see your favorites.

Firefox error console reports "server does not support RFC 5746, see CVE-2009-3555" error

This document (7008600) is provided subject to the disclaimer at the end of this document.

Environment

Novell Access Manager 3.1 Linux based Access Gateway Service on SLES 11
Novell Access Manager 3.1 Support Pack 3 applied

Situation

Access Manager configured and working fine - users accessing protected resources on the 
Linux based Access Gateway service (AGS) can authenticate and get access to the applications.
However when hitting a protected resource on the AGS, an error is returned that the AGS
does NOT support rfc 5746 on SSL renogotiations. This was supposedly addressed in Access Manager
3.1 SP3 for all components.

To duplicate:

a) clear Firefox Error Console messages in Firefox by clicking on Tools->Error
Console -> Clear.

b) Go to any URL on the AGS:

https://www.novell.com.com/passwordhelp/commercial/CreateAccount.aspx?sessionkey=604D73B8-9465-7CC2-A29E-C64EF7679168

c) Look at the error console and you will see multiple messages of the
following format:

www.novell.com : server does not support RFC 5746, see CVE-2009-3555

Resolution

Make sure that the SLES11 platform that the AGS is running on has the latest OpenSSL modules. In our case version 30.22 took care of the issue. The SLES11 SP1 patch would also have taken care of the issue as it ships with


libopenssl0_9_8-0.9.8h-30.30.1.x86_64.rpm

openssl-0.9.8h-30.30.1.x86_64.rpm


The AGS on Linux uses the openssl libraries from the server itself. The Windows equivalent includes the openSSL binaries.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7008600
  • Creation Date:18-MAY-11
  • Modified Date:26-APR-12
    • NetIQAccess Manager (NAM)

Did this document solve your problem? Provide Feedback