On 04/10/2014 06:14 PM, [email protected] wrote:
I read the report, but it's not clear to me whether I need to revoke all
agent keys and regenerate new ones? I don't have ossec-authd running.
In fact I only recently recompiled OSSEC with the SSL headers in order
to use ossec-authd at all (for automation). Which left me more confused:
how do the agent keys ensure encrypted traffic using the 'secure' method
if the SSL headers were not there previously? Is some other encryption
type used?
If you're not using ossec-authd you don't need to do anything. If you
are, as a precaution, it is recommended to recompile ossec-authd with
updated libraries, and revoke and reissue your keys.
The normal way to encrypt traffic in OSSEC is via the Blowfish
algorithm, which is a symmetric cipher and by itself is not affected.
SSL starts out using asymmetric ciphers to exchange a symmetric key
(like blowfish). The ossec-authd implementation makes use of SSL so the
Blowfish key can be sent securely to the agents. Once that gets out of
the way, or if you are not using ossec-authd at all, there is no more
asymmetric (SSL) stuff involved.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
