How i can disable CBC mode and chacha20 affected algorithms and enable CTR or GCM cipher mode encryption.
Added V20.0 MR1
[edited by: Erick Jan at 4:34 AM (GMT -8) on 12 Nov 2024]
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
How i can disable CBC mode and chacha20 affected algorithms and enable CTR or GCM cipher mode encryption.
For what kind of Facilities do you need this?
__________________________________________________________________________________________________________________
i have scanned my sophos firewall i got this vulnerability "SSL Medium Strength Cipher Suites Supported CBC mode Enabled"
On which port / facility ?
__________________________________________________________________________________________________________________
port 8090
You need to disable it like this:
https://support.sophos.com/support/s/article/KBA-000009836?language=en_US
https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/CommandLineHelp/DeviceConsole/Set/index.html#http_proxy
__________________________________________________________________________________________________________________
facing error while appliying command
You are using V20.0 MR2?
__________________________________________________________________________________________________________________
yes 20.0.1
This option is available on V20.0 MR2.
__________________________________________________________________________________________________________________
This option is available on V20.0 MR2.
__________________________________________________________________________________________________________________