General Discussion Disable Weak SSL Security

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 4 replies
Subscribers 9 subscribers
Views 3725 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable Weak SSL Security

Kevin Lane over 2 years ago

we are running Firmware version 9.709-3 with pattern version 207145

we had a level 2 pen test audit and it showed that we are running with some weak security TLSv1.0 and TLSv1.1

How do I go about disabling these TLS protocols, we already only accept TLSv1.2 for emails from within the SMPT > Advance >TLS settings

Thanks

This thread was automatically locked due to age.

Top Replies

Holger Gran over 2 years ago +1

The next steps depend on the service that is using the old TLS version. Has the pen test told you the ports that are supporting the old TLS versions?

0 Amodin over 2 years ago

Well, 9.710 was just released and it got rid of the SSLVPN client, requiring the Sophos Connect client. I wonder if they cleaned up TLS versions there as well.

Might be something to ask support to see if they can tell you.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel
0 Holger Gran over 2 years ago

The next steps depend on the service that is using the old TLS version. Has the pen test told you the ports that are supporting the old TLS versions?
Cancel
Vote Up +1 Vote Down

Cancel
0 BAlfson over 2 years ago

Hi Kev,

Are you using Webserver Protection? Do you have any DNATs for inbound traffic? Please insert pics of the Edits of the relevant configurations.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Rob Crommentuijn over 2 years ago

You could check the following kb article:

Sophos UTM: Remove TLS 1.1 from Web Admin and User Portal

support.sophos.com/.../KB-000039410
Cancel
Vote Up 0 Vote Down

Cancel