I am currently in charge of doing internal PCI vulnerability scans for the company I work for and we are currently using openVas for our vulnerability scanner. When scanning our UTM instance I keep receiving the following Vulnerabilities - Check for SSL Weak Ciphers and Deprecated SSLv2 and SSLv3 Protocol Detection.
The Scan for check for SSL weak ciphers is finding the following:
SSL3_RSA_RC4_128_SHA TLS1_RSA_RC4_128_SHA TLS1_RSA_RC4_128_SHA TLS_1_2_RSA_WITH_RC4_128_SHA
Currently I only have access to our Web console of the UTM and I do not see an option to disable or even enable SSL. My guess is to actually disable these ciphers and protocols I would need to actually be on the webserver and there is a configuration file I am guessing? Can anyone confirm this?
Thank you!
This thread was automatically locked due to age.
Quote