This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remove TLS 1.1 from Web Admin HTTPS interface

Hi Community,

From a vulnerability management scan the result on the XG was port 4444 (web admin interface) was TLS v1.1 enabled. I could not find how to disable this, anyone have an idea?

Regards,

Peter

This thread was automatically locked due to age.

Top Replies

Vivek Jagad over 2 years ago in reply to rizzah +1 verified

So, as you can see " Secure Renegotiation IS NOT supported " It did not connect, now try with TLS 1.2 > openssl s_client -connect X.X.X.X:4444 -tls1_2 ===== If a post solves your question please use the…

Parents

0 Vivek Jagad over 2 years ago

Are you able to test with openssl command?
via Linux machine terminal/windows powershell > openssl s_client -connect X.X.X.X:4444 -tls1_1
if yes, could you share the results with us here ?

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 rizzah over 2 years ago in reply to Vivek Jagad

CONNECTED(00000003)
140091414586688:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1543:SSL alert number 70
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 124 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1652186929
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rizzah over 2 years ago in reply to Vivek Jagad

CONNECTED(00000003)
140091414586688:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1543:SSL alert number 70
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 124 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1652186929
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Cancel
Vote Up 0 Vote Down

Cancel

Children

+1 Vivek Jagad over 2 years ago in reply to rizzah

So, as you can see "Secure Renegotiation IS NOT supported"
It did not connect, now try with TLS 1.2 > openssl s_client -connect X.X.X.X:4444 -tls1_2
=====
If a post solves your question please use the 'Verify Answer' button.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel