Bug ID 915973: DTLS 1.2 may fall back to TLS 1.2 on Windows

Last Modified: Dec 20, 2023

Affected Product(s):
APM-Clients APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2

Opened: Jun 10, 2020

Severity: 3-Major

Symptoms

Microsoft Windows may fail to establish a DTLS connection if the client certificate's private key is not available in the 'Microsoft Enhanced RSA and AES Cryptographic Provider', the CSP that supports the SHA-2 algorithms (SHA-256, SHA-384, and SHA-512).

Impact

A VPN connection on Windows may fail to establish a DTLS 1.2 connection and fall back to TLS (the VPN connection is established using TLS instead).

Conditions

-- APM Network Access resource configured with DTLS.
-- DTLS v1.2 virtual server configured with the client certificate 'request' or 'required' option.

Workaround

1. Import the client certificate key into 'Microsoft Enhanced RSA and AES Cryptographic Provider'.
2. When creating certificate packages, explicitly specify the crypto provider: Microsoft Enhanced RSA and AES Cryptographic Provider. For example, use the -CSP argument with the OpenSSL command:

openssl pkcs12 -export -in client_auth.crt -inkey client_auth.key -out client_auth_2.pkcs12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
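The following is an added example, not part of the F5 bug record, showing the workaround carried through end to end: it builds a PKCS#12 package with the CSP name attribute set and then reads the attribute back out of the package, so the package can be checked before it is distributed to Windows clients. It assumes the openssl CLI is on PATH; the self-signed certificate, the scratch directory and the export password are constructed for illustration only.

```shell
#!/bin/sh
# Added example (not from the F5 bug record): package a client certificate
# with the Microsoft CSP name attribute and verify the attribute is present.
# Assumes the openssl CLI is available. Certificate, key, scratch directory
# and password below are constructed for the example.

CSP_NAME="Microsoft Enhanced RSA and AES Cryptographic Provider"
WORK="${TMPDIR:-/tmp}/apm-dtls-csp-example"   # scratch directory (constructed)

# Generate a throwaway self-signed certificate and key. A real client
# certificate would be issued by the CA the APM virtual server trusts.
make_test_cert() {
    mkdir -p "$WORK"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=example-client" \
        -keyout "$WORK/client_auth.key" -out "$WORK/client_auth.crt" >/dev/null 2>&1
}

# Package cert + key as PKCS#12. -CSP tags the key bag with the provider name,
# so the Windows importer places the private key in that CSP instead of the
# default provider (the situation that triggers the DTLS fallback).
export_with_csp() {
    # $1 = cert, $2 = key, $3 = output .pkcs12, $4 = export password
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
        -passout "pass:$4" -CSP "$CSP_NAME"
}

# Same package without the attribute, for comparison.
export_without_csp() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$4"
}

# Print the CSP name recorded on the PKCS#12 key bag (empty if none).
# openssl pkcs12 -info prints the bag attributes as "Microsoft CSP Name: ...".
csp_name_of() {
    # $1 = .pkcs12 file, $2 = password
    openssl pkcs12 -in "$1" -info -nodes -passin "pass:$2" 2>/dev/null \
        | sed -n 's/^ *Microsoft CSP Name: //p' | head -n 1
}

# Return 0 when the package names the expected provider, 1 otherwise.
check_package() {
    [ "$(csp_name_of "$1" "$2")" = "$CSP_NAME" ]
}

demo() {
    make_test_cert
    export_with_csp "$WORK/client_auth.crt" "$WORK/client_auth.key" \
        "$WORK/client_auth_2.pkcs12" "changeit"
    if check_package "$WORK/client_auth_2.pkcs12" "changeit"; then
        echo "CSP attribute present: $CSP_NAME"
    else
        echo "CSP attribute missing; Windows will import the key into its default provider" >&2
        return 1
    fi
}
```

Run `demo` to produce and check a package; run `check_package file.pkcs12 password` against an existing package to audit it before rollout. A package that fails the check will be imported into the default provider on Windows, which is exactly the condition the symptom section describes.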

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips