cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

12.3.3 Upgrades Makes Unwanted Changes to SSL Configuration

chris_v
Dynatrace Pro
Dynatrace Pro

Upgrading my test environment from 12.3.2 to 12.3.3 the following unwanted changes were made.

Unsure if this behaviour is the same in prior releases, this is the first time I've checked.

CSS 12.3.0 -> 12.3.3

custom private key and certificate was overwritten with the Compuware default. The keystore file was replaced/overwritten entirely.

Enabled/disabled cipher suites modified*.

RUMC 12.3.2 -> 12.3.3

Custom key/certificate was unchanged.

Enabled/disabled cipher suites were modified*.

CAS/ADS 12.3.2 -> 12.3.3

Custom key/certs unchanged.

Enabled/disabled cipher suites modified*.

 

*as this is a test environment, I've disabled the DH/ECE cipher suites (TLS1.2) so an AMD can decrypt the traffic, requiring a RSA cipher suit. These changes were all changed back to DHECE suites being enabled.  I understand this is an unusual use case, but you don't expect config settings to change during an upgrade.

 

1 REPLY 1

chris_v
Dynatrace Pro
Dynatrace Pro

12.3.4 continues this behavior as above.

I can add however, AMD upgrade (12.3.3 - 12.3.4) does not overwrite custom key/certificates for rtmgate or guided config (CBA-agent).