General Discussion Disable Weak SSL Security

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 4 replies
Subscribers 9 subscribers
Views 3725 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable Weak SSL Security

Kevin Lane over 2 years ago

we are running Firmware version 9.709-3 with pattern version 207145

we had a level 2 pen test audit and it showed that we are running with some weak security TLSv1.0 and TLSv1.1

How do I go about disabling these TLS protocols, we already only accept TLSv1.2 for emails from within the SMPT > Advance >TLS settings

Thanks

This thread was automatically locked due to age.

Top Replies

Holger Gran over 2 years ago +1

The next steps depend on the service that is using the old TLS version. Has the pen test told you the ports that are supporting the old TLS versions?

Parents

0 Amodin over 2 years ago

Well, 9.710 was just released and it got rid of the SSLVPN client, requiring the Sophos Connect client. I wonder if they cleaned up TLS versions there as well.

Might be something to ask support to see if they can tell you.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Amodin over 2 years ago

Well, 9.710 was just released and it got rid of the SSLVPN client, requiring the Sophos Connect client. I wonder if they cleaned up TLS versions there as well.

Might be something to ask support to see if they can tell you.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data