Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Hades warning message

    Posted 07-26-2022 23:44
    In On-Premises v13.6, the following TLS related messages are occurring in /var/log/message.

    2022-07-26T04:42:33.753467+09:00 localhost kernel:[6060141.139029] hades warn: TLS minor version is not recognized:
    2022-07-26T05:34:23.075467+09:00 localhost kernel:[6063253.604297] hades warn: TLS minor version is not recognized:
    2022-07-26T05:57:23.306136+09:00 localhost kernel:[6064635.231912] hades warn: TLS minor version is not recognized:
    2022-07-26T06:26:53.253404+09:00 localhost kernel:[6066406.967202] hades warn: TLS minor version is not recognized:
    2022-07-26T09:00:49.352207+09:00 localhost kernel:[6075652.302399] hades warn: TLS minor version is not recognized:
    2022-07-26T09:48:16.039507+09:00 localhost kernel:[6078501.861340] hades warn: TLS minor version is not recognized:
    2022-07-26T12:19:13.194091+09:00 localhost kernel:[6087568.149641] hades warn: TLS minor version is not recognized:
    2022-07-26T12:19:13.612255+09:00 localhost kernel:[6087568.568267] hades warn: TLS minor version is not recognized:

    What causes messages like this to occur?
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Mirae Kim
    Tech
    Seoul
    ------------------------------


  • 2.  RE: Hades warning message

    Posted 07-27-2022 07:50

    Hi,

    I'm assuming it's a WAF.
    If yes, I think you should upgrade to the newest version, if you can.
    It looks like, that WAF does understand the TLS algorithm with stronger ciphers.
    Look at the MX GUI and check if you see the "SSL untraceable......" logs.
    Maybe will be necessary to switch the gateway to the next-generation proxy mode.
    https://docs.imperva.com/bundle/v14.6-waf-release-notes/page/73386.htm



    ------------------------------
    Karol Gruszczyński
    IT Security Expert
    Trafford IT
    Warsaw
    ------------------------------



  • 3.  RE: Hades warning message

    Posted 08-04-2022 01:44
    Edited by Mirae Kim 08-04-2022 01:58
    Thank you for answer.

    Warning message about TLS version enhanced by NGRP?
    Can I think of it as a message about TLS 1.3 support?
    As far as I know TLS 1.3 is supported by v14.x (x is not correct) and higher.

    If a message like this occurs, is it because TLS 1.3 is used during traffic flowing to the Gateway? That's how I understood it.

    I checked the logs for "SSL untraceable......" but nothing happened.
    So what causes this message to occur?

    ------------------------------
    Mirae Kim
    Tech
    Seoul
    ------------------------------