[CROWDSTRIKE] TLS Negotiation issues on Alpine 3.17 (OpenSSL 3.0) UNSAFE_LEGACY_RENEGOTIATION_DISABLED

Open MaxwellDPS opened this issue 2 years ago • 1 comment

Description

Alpine 3.17 causes an intermittent UNSAFE_LEGACY_RENEGOTIATION_DISABLED

See https://github.com/dotnet/dotnet-docker/issues/4332#issuecomment-1384196212

Environment

  1. OS (where OpenCTI server runs): CentOS Stream 9
  2. OpenCTI version: 5.7.2
  3. OpenCTI client: Python (Connector SCOPE)
  4. Other environment details: Kubernetes deployment

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Run the CS connector on CentOS Stream 9 w/ containerd and Alpine 3.17
  2. Sadness

Expected Output

Correct TLS negotiation

Actual Output

{"timestamp": "2023-04-28T19:48:26.834518Z", "level": "ERROR", "name": "pycti.connector", "message": "CrowdStrike connector internal error: HTTPSConnectionPool(host='api.crowdstrike.com', port=443): Max retries exceeded with url: /intel/combined/reports/v1(Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1007)')))"}

Additional information

This should fix it

RUN sed -i 's/providers = provider_sect/providers = provider_sect\n\
ssl_conf = ssl_sect\n\
\n\
[ssl_sect]\n\
system_default = system_default_sect\n\
\n\
[system_default_sect]\n\
Options = UnsafeLegacyRenegotiation/' /etc/ssl/openssl.cnf

Screenshots (optional)

MaxwellDPS avatar Apr 28 '23 19:04 MaxwellDPS
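The openssl.cnf change above re-enables insecure legacy renegotiation for every OpenSSL 3 process in the image. A narrower alternative, added here as an example and not part of the original issue or of the OpenCTI connector code, sets the same underlying option (SSL_OP_LEGACY_SERVER_CONNECT, which is what `UnsafeLegacyRenegotiation` flips) on a single Python SSLContext while leaving certificate and hostname verification on. The function names are this example's own; the host and URL are the ones from the error line in the issue.

```python
"""Scope the OpenSSL legacy-renegotiation workaround to one TLS context.

Added example (not connector code, not the issue author's code). Rather than
editing /etc/ssl/openssl.cnf for the whole container, enable the option only
on the SSLContext used by the client that needs it. OpenSSL 3.0 turned
SSL_OP_LEGACY_SERVER_CONNECT off by default, so connections to servers that
do not support RFC 5746 secure renegotiation now fail with
UNSAFE_LEGACY_RENEGOTIATION_DISABLED.
"""
import ssl
import urllib.request

# ssl.OP_LEGACY_SERVER_CONNECT was added to the ssl module in Python 3.12.
# On older interpreters fall back to OpenSSL's raw SSL_OP_LEGACY_SERVER_CONNECT
# value (0x4); the config-file option "UnsafeLegacyRenegotiation" sets this
# same bit process-wide.
OP_LEGACY_SERVER_CONNECT = getattr(ssl, "OP_LEGACY_SERVER_CONNECT", 0x4)


def legacy_renegotiation_context(cafile=None):
    """Default (verifying) TLS context plus the legacy renegotiation bit.

    Only the RFC 5746 check is relaxed; certificate validation and hostname
    checking stay exactly as ssl.create_default_context() configures them.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.options |= OP_LEGACY_SERVER_CONNECT
    return ctx


def allows_legacy_renegotiation(ctx):
    """True if ctx will complete a handshake with a non-RFC-5746 server."""
    return bool(ctx.options & OP_LEGACY_SERVER_CONNECT)


def verification_still_enabled(ctx):
    """Guard against 'fixing' the error by turning off verification instead."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def build_opener(ctx):
    """urllib opener bound to the scoped context.

    Other HTTPS clients in the same process keep the OpenSSL default.
    """
    return urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))


if __name__ == "__main__":
    ctx = legacy_renegotiation_context()
    assert allows_legacy_renegotiation(ctx) and verification_still_enabled(ctx)
    opener = build_opener(ctx)
    # Endpoint from the issue's log line. Without an API key the expected
    # result is an HTTP 401, not a TLS error; a certificate problem still fails.
    try:
        with opener.open("https://api.crowdstrike.com/intel/combined/reports/v1",
                         timeout=10) as resp:
            print("status", resp.status)
    except Exception as exc:
        print(type(exc).__name__, exc)
```

For a requests-based client such as pycti's connectors the same context can be passed to a urllib3 PoolManager via a custom HTTPAdapter; the point is that the relaxed option lives in one context object, not in the system OpenSSL configuration, so it is visible in the code review and does not weaken every other TLS client in the image.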

May also be worth the lift to migrate to the official client -> https://github.com/CrowdStrike/falconpy

MaxwellDPS avatar Apr 28 '23 20:04 MaxwellDPS