Imperva Cyber Community

 View Only
  • 1.  Hades warning message

    Posted 17 days ago
    In On-Premises v13.6, the following TLS related messages are occurring in /var/log/message.

    2022-07-26T04:42:33.753467+09:00 localhost kernel:[6060141.139029] hades warn: TLS minor version is not recognized:
    2022-07-26T05:34:23.075467+09:00 localhost kernel:[6063253.604297] hades warn: TLS minor version is not recognized:
    2022-07-26T05:57:23.306136+09:00 localhost kernel:[6064635.231912] hades warn: TLS minor version is not recognized:
    2022-07-26T06:26:53.253404+09:00 localhost kernel:[6066406.967202] hades warn: TLS minor version is not recognized:
    2022-07-26T09:00:49.352207+09:00 localhost kernel:[6075652.302399] hades warn: TLS minor version is not recognized:
    2022-07-26T09:48:16.039507+09:00 localhost kernel:[6078501.861340] hades warn: TLS minor version is not recognized:
    2022-07-26T12:19:13.194091+09:00 localhost kernel:[6087568.149641] hades warn: TLS minor version is not recognized:
    2022-07-26T12:19:13.612255+09:00 localhost kernel:[6087568.568267] hades warn: TLS minor version is not recognized:

    What causes messages like this to occur?
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Mirae Kim
    Tech
    Seoul
    ------------------------------


  • 2.  RE: Hades warning message

    Posted 17 days ago

    Hi,

    I'm assuming it's a WAF.
    If yes, I think you should upgrade to the newest version, if you can.
    It looks like, that WAF does understand the TLS algorithm with stronger ciphers.
    Look at the MX GUI and check if you see the "SSL untraceable......" logs.
    Maybe will be necessary to switch the gateway to the next-generation proxy mode.
    https://docs.imperva.com/bundle/v14.6-waf-release-notes/page/73386.htm



    ------------------------------
    Karol Gruszczyński
    IT Security Expert
    Trafford IT
    Warsaw
    ------------------------------



  • 3.  RE: Hades warning message

    Posted 9 days ago
    Thank you for answer.

    Warning message about TLS version enhanced by NGRP?
    Can I think of it as a message about TLS 1.3 support?
    As far as I know TLS 1.3 is supported by v14.x (x is not correct) and higher.

    If a message like this occurs, is it because TLS 1.3 is used during traffic flowing to the Gateway? That's how I understood it.

    I checked the logs for "SSL untraceable......" but nothing happened.
    So what causes this message to occur?

    ------------------------------
    Mirae Kim
    Tech
    Seoul
    ------------------------------