This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WebAdmin and user portal TLS v1.0

I ran an external compliance scan on our network and received a notification that the the ports/services that handle the WebAdmin login and user portal for our UTM 220 accept TLS v1.0, which causes the scan to fail. Is there any way I can disable v1.0? I read a couple posts about manually updating the system for Heartbleed and TLS for SMTP, but I thought those methods might be outdated by now or not to applicable to this case.

The UTM 220 is at version 9.310-11.

thanks!

This thread was automatically locked due to age.

Parents

0 OmnerBarajas over 8 years ago

Hello. Did you guys find a solution to this problem?

Apparently the latest versions came with no TLSv1 in configuration file but scanner still finding the problem.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 8 years ago in reply to OmnerBarajas

Omner, can you tell/show us explicitly what the scan sees on which port?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 OmnerBarajas over 8 years ago in reply to BAlfson

HI Bob,

This is the message:

SSL/TLS Server supports TLSv1.0 - port 443/tcp over SSL

That port (443) is the one I am using for my virtual web server.

I have been checking setting in GUI or even server but not able to disable support for TLSv1.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 8 years ago in reply to OmnerBarajas

Does the scanner still see TLSv1 when you disable the Virtual Server?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 8 years ago in reply to OmnerBarajas

Does the scanner still see TLSv1 when you disable the Virtual Server?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 OmnerBarajas over 8 years ago in reply to BAlfson

Bob, It is not possible for me to disable my virtual server, it is a production application.

Do you have other suggestion about how to troubleshot the issue?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 8 years ago in reply to OmnerBarajas

Temporarily add a DNAT and then disable the Virtual Server. As you can see in #2 in Rulz, the DNAT will "steal" the traffic away from the Virtual Server as soon as the NAT rule is activated.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel