If you are planning on upgrading to either 18.3(r1), 19.1 or 19.2 and if you have configured any custom ciphers for the admin server (i.e. System > Security > SSL Settings for Admin Server and Internal Connections > admin!ssl3_ciphers), the GUI may become inaccessible after the upgrade.
In 18.3 and above, vTM introduces a new version of TLS (1.3) which requires two ciphers[1] that are automatically appended to the list of any custom ciphers when TLS 1.3 is enabled. But due to a bug (VTM-41769) in the vTM upgrade script, it fails to append the ciphers[1] to the list of custom ciphers in admin!ssl3_ciphers. This breaks the GUI for most browsers that try to use TLS 1.3.
[1] TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
The workaround is to edit the file $ZEUSHOME/admin/global.cfg and append your custom ciphers followed by the above 2 ciphers, as below:
tuning!ssl3_ciphers <custom list>,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
Replace the <custom list> with the list of ciphers. You can get the list from $ZEUSHOME/zxtm/conf/settings.cfg
, e.g.
grep ssl3_ciphers $ZEUSHOME/zxtm/conf/settings.cfg
admin!ssl3_ciphers <custom list>
Then restart the admin server using the following command:
$ZEUSHOME/admin/rc restart
($ZEUSHOME
is the installation directory, e.g. /usr/local/zeus
or /opt/zeus
, etc)
Note: Restarting the admin server doesn’t affect the client traffic.
This issue has been raised as VTM-41769, please search for this in future release notes to see if it's been fixed. If it hasn't been and the workaround is needed, please raise a support case so we can add your details to the above bug to raise its priority.