IBM Security QRadar SOAR

 View Only
  • 1.  Getting SSL Error while using fn_utilities function

    Posted Tue March 23, 2021 08:43 AM
      |   view attached
    Hi Team,

    We are receiving SSL Error while making request via REST API. I have attached the screenshot with this post.

    Below is the error observed on backend logs (resilient circuits server):

    resilient_lib.components.integration_errors.IntegrationError: "HTTPSConnectionPool(host='systemx.platform.securityhq.com', port=8443): Max retries exceeded with url: /api/command (Caused by SSLError(SSLError(1, '[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:877)'),))"

    Primarily observing the logs, it seems that this is an issue with TLS version. The server allows only TLS 1.3 version. However, the resilient_circuits is using version below 1.3. Hence, the handshake might not be happening here.

    To solve this issue, I tried to upgrade the pyOpenSSL package to highest version. However, it didn't help.

    Can you please let us know how we can create requests from Resilient using TLS version 1.3 ? This is very important for us as a part of service deliverable.

    Thanks,

    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------


  • 2.  RE: Getting SSL Error while using fn_utilities function

    Posted Tue March 23, 2021 08:06 PM

    I did a little research and the key to TLS1.3 seems to be the OpenSSL package. The container for App Host uses 1.1.1i which seems to be the correct version to support TLS1.3.
    I've seen some discussion which seems to include the follow directive to force a TLS1.3 handshake by indicating no TLS1.0, TLS1.1 or TLS1.2 handshake should be performed:

    context = ssl.SSLContext(ssl.PROTOCOL_TLS)
    context.options |= (ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2)

    I haven't tested this yet. The trick will be how to specify this setting when you want it and when to allow the handshake to occur normally. That may require extra parameters to this function.

    I'll hope to have an update soon on my findings.



    ------------------------------
    Mark Scherfling
    ------------------------------



  • 3.  RE: Getting SSL Error while using fn_utilities function

    Posted Wed March 24, 2021 06:18 AM
    Hi Mark,

    Thanks for your response. I came across this code snippet. However, I am getting issues as to how to include this code while making API call using fn_utilities function. "Call Rest API" from utilities function allows me to use only certain parameters to pass. 

    Thanks,

    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------