
SUM communication via TLS to SG-UTM is not secure, weak ciphers detected.


Is there anywhere to harden the ciphers for TCP port 4433 using CC commands? I cannot seem to find it. But both Nmap and Nessus detect that TCP port 4433 has weak ciphers and is still using TLS 1.1.

Below is the list of weak ciphers found. The weak ciphers are:

a. TLS_RSA_WITH_AES_128_CBC_SHA
b. TLS_RSA_WITH_AES_128_CBC_SHA256
c. TLS_RSA_WITH_AES_128_GCM_SHA256
d. TLS_RSA_WITH_AES_256_CBC_SHA
e. TLS_RSA_WITH_AES_256_CBC_SHA256

and TLS 1.1 is still in use on TCP 4433.

For WebAdmin using TCP ports 4444 and 4422, I am able to use CC commands to harden the selection of ciphers.
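
An added example, not part of the original thread and not Sophos code: a small Python check that reads a report laid out like the output of Nmap's ssl-enum-ciphers script and states why each suite named in the question gets flagged. The sample report is constructed, and which suites appear under which protocol version is an assumption.

```python
import re

# Constructed sample laid out like Nmap ssl-enum-ciphers output (suite names from the post).
SAMPLE = """\
4433/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.1:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
"""

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}
PROTO_RE = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|[ _]+(TLS_[A-Z0-9_]+)\b")

def suite_reasons(suite):
    """Return the reasons a TLS 1.2-or-earlier suite name is commonly flagged."""
    reasons = []
    if suite.startswith("TLS_RSA_WITH_"):
        reasons.append("static RSA key exchange (no forward secrecy)")
    if "_CBC_" in suite:
        reasons.append("CBC mode")
    return reasons

def audit(report):
    """Map (protocol, suite) -> reasons for every flagged entry in the report."""
    findings, proto = {}, None
    for line in report.splitlines():
        if m := PROTO_RE.match(line):
            proto = m.group(1)          # entering a new protocol section
        elif (m := SUITE_RE.match(line)) and proto:
            reasons = suite_reasons(m.group(1))
            if proto in LEGACY_PROTOCOLS:
                reasons.insert(0, f"offered over {proto}")
            if reasons:
                findings[(proto, m.group(1))] = reasons
    return findings

if __name__ == "__main__":
    for (proto, suite), reasons in audit(SAMPLE).items():
        print(f"{proto:8} {suite:34} {'; '.join(reasons)}")
```

The GCM suite in the list is reported only for its static RSA key exchange, while the CBC suites carry both reasons; re-running the check on a fresh scan after any cipher change shows whether port 4433 still offers them.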

This thread was automatically locked due to age.
  • Hi Peng and welcome to the UTM Community!

    This would be a good question for Support if you have a paid license for UTM. My guess is that the issue is addressed on SUM with a different certificate and that cert would then be uploaded to the UTM in 'Central Management'. Please let us know what you learn.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA