Relay Version 11 Issues

pcpeteusa · September 14, 2023, 3:03pm

Hello

I recently updated to version 11 on my windows BigFix server and relays. I am getting client log messages that the relay does not support secure registration. The clients are at version 10.0.8. We are not using that feature. WE are also not setting the TLS cipher list but in the relay log I see TLS Cipher List: HIGH:!ADH:!AECDH:!kDH:!kECDH:!kRSA:!PSK:!SRP:!SHA1 which I thought was odd. Checking the masthead file there are no ciphers defined and running the besadmin.exe/ securitysettings command nothing has been set.

Not sure why we are getting this error message. The clients that are getting this have been reporting in for a couple of years. This is new since the upgrade. Any help/ideas would be appreciated

dmccalla · September 14, 2023, 3:17pm

Did you happen to enforce TLS 1.3 via the BES Admin tool?

pcpeteusa · September 14, 2023, 3:21pm

No since we still have clients at 10.08 we haven’t enabled that feature

dmccalla · September 14, 2023, 3:25pm

Ok. You would see that message if you did but its not exclusive to enabling that. Just wanted to check that off the list. Are there any similar (e,g, RegisterOnce) log entries immediately after that one?

JasonWalker · September 14, 2023, 3:59pm

Enabling ‘Enhanced Security’ (disabling sha1 ciphers) was a prerequisite before upgrading to BigFix 11, in case the !SHA1 cipher disable is what surprised you - that’s the expected cipher list with BF 11.