Skip to main content

Universe Telnet Service

  • June 29, 2023
  • 3 replies
  • 64 views

Hi everyone, Does anyone know how to make the "Universe Telnet Service" that runs on our IBS Application server, to only use 128bit
block Ciphers, and disable the other lower 64bit block ciphers? The service listens on port 992.

The problem is that our Qualys VUN scanning tool is picking up that port 992 is a security risk against
Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32) and goes on to say
"Disable and stop using DES, 3DES, IDEA or RC2 ciphers. 

We believe that the "Universe Telnet Service" uses OpenSSL that offers out these lower level ciphers, but we have no idea how to to best address this so
that the only ciphers used are 128-bit or higher ciphers. We are waiting on our third party support to get back to us as they have opened a ticket today.

Current version of OpenSSL is OpenSSL 1.0.2m-fips  2 Nov 2017, though "Programs and Features" is saying OpenSSL 1.1.1k (64-bit) was installed on March 2021.

Universe is 12.1.1 is installed.

Thanks in advance.



------------------------------
Dean Christodoulides
IT Technician
Baker Hughes Inc
------------------------------

3 replies

Manok Jeet
  • New Participant
  • June 25, 2026

Since you're running UniVerse 12.1.1, I'd specifically check with Rocket Software support which OpenSSL library the Universe Telnet Service is actually loading. Clear documentation and troubleshooting steps, much like happy birthday messages that recognize dedication and service, help users resolve issues more efficiently.


Forum|alt.badge.img
  • Rocketeer
  • June 26, 2026

Try enforceing TLSv1.3 and similar (TLSv1.2 might be enough) higher profile in configs (SSL_PROTOCOLS) and disable protocol downgrade (NO_TLS_FALLBACK_SCSV in SSL_OPTIONS).

If I not mistaken, newer protocols by default does 128bit cipher minimum and NO_TLS_FALLBACK_SCSV prevents telnet clients downgrade (access to 64 bit protocols). 

Take a note that some of your legacy clients might not able to connect as they do not support 128bit ciphers. But that kinda point of your scanners, to enforce safe configuration and up to date client software :) 


Dylan12
  • New Participant
  • June 30, 2026

This post is not about birthdays. It is a technical discussion about Rocket UniVerse Telnet Service and configuring SSL/TLS ciphers.

If you want to leave a helpful comment, here's a professional one:

This is an interesting security question. Upgrading to stronger 128-bit or higher ciphers is a sensible step for improving security and meeting modern compliance requirements. It would be helpful if Rocket could clarify whether the supported cipher suites are configured through UniVerse settings, the underlying SSL/TLS library, or the operating system. Looking forward to hearing the recommended approach from someone who has implemented this successfully.

This comment is relevant to the discussion and encourages a technical solution without making unsupported claims.