ClearSCADA

Problem

ClearSCADA uses an SSL server that supports a number of ciphers, including the Null ciphers (TLS_RSA_WITH_NULL_SHA and TLS_RSA_WITH_NULL_MD5). The Null ciphers are 0-bit SSL ciphers that provide no encryption for any connection using them and, depending on the environment, one of them could be the cipher negotiated for the 'secure' communications between WebX and the ClearSCADA server. The result is that the network traffic is transmitted in plain text and could be eavesdropped.

Solution

It is possible to disable the Null ciphers in ClearSCADA using the following procedure:

1. In the ClearSCADA Server Configuration, pointing to each of your WebX servers in turn, log in to the server as a ClearSCADA user with System Administration privileges.

2. Select the 'Registry' settings.

3. Modify the two keys (indicated in red in the screenshots below) and apply the changes.


4. Restart ClearSCADA on the relevant servers for the changes to take effect.

With the two Null ciphers disabled, a client that fails to negotiate any of the more secure ciphers will not fall back to a Null cipher and will instead show an error to the end user.