Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall

Discussions SSL Medium Strength Cipher Suites Supported CBC mode Enabled

Sophos Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Replies 9 replies
Answers 1 answer
Subscribers 40 subscribers
Views 1337 views
Users 0 members are here

Options

Suggested

SSL Medium Strength Cipher Suites Supported CBC mode Enabled

Akash 13 days ago

How i can disable CBC mode and chacha20 affected algorithms and enable CTR or GCM cipher mode encryption.

Added V20.0 MR1
[edited by: Erick Jan at 4:34 AM (GMT -8) on 12 Nov 2024]

Parents

0 LuCar Toni 13 days ago

For what kind of Facilities do you need this?

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Akash 13 days ago in reply to LuCar Toni

i have scanned my sophos firewall i got this vulnerability "SSL Medium Strength Cipher Suites Supported CBC mode Enabled"
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Akash 13 days ago in reply to LuCar Toni

i have scanned my sophos firewall i got this vulnerability "SSL Medium Strength Cipher Suites Supported CBC mode Enabled"
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 LuCar Toni 13 days ago in reply to Akash

On which port / facility ?

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Akash 13 days ago in reply to LuCar Toni

port 8090
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 LuCar Toni 13 days ago in reply to Akash

You need to disable it like this:
https://support.sophos.com/support/s/article/KBA-000009836?language=en_US
https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/CommandLineHelp/DeviceConsole/Set/index.html#http_proxy

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel
0 Akash 12 days ago in reply to LuCar Toni

facing error while appliying command
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 LuCar Toni 12 days ago in reply to Akash

You are using V20.0 MR2?

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Akash 12 days ago in reply to LuCar Toni

yes 20.0.1
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 LuCar Toni 12 days ago in reply to Akash

This option is available on V20.0 MR2.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel