Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 23 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 40924 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WebAdmin and user portal TLS v1.0

noregrets
I ran an external compliance scan on our network and received a notification that the the ports/services that handle the WebAdmin login and user portal for our UTM 220 accept TLS v1.0, which causes the scan to fail.  Is there any way I can disable v1.0?  I read a couple posts about manually updating the system for Heartbleed and TLS for SMTP, but I thought those methods might be outdated by now or not to applicable to this case.

The UTM 220 is at version 9.310-11.

thanks!


This thread was automatically locked due to age.
Parents
  • 0

    Support reminded me that the issue with TLSv1 was BEAST - long before POODLE.  Unless your organization has PCs running XP or Server 2003, you can remove TLSv1 as described above or just by removing it from line 107 instead of adding another, later line.

    Personally, I think that should treat is as a bug that it's still in the conf file since it causes one to fail a PCI scan.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Thank you for following up with Sophos.
Reply Children
No Data
Unfiltered HTML