It was my understanding that the betas would include fixes to move both the UTM and RED devices to TLS 1.1. We are having huge issues with PCI compliance due to the TLS 1.0 currently in place. After testing of beta 1 and 2, port 4444 appears to have been patched, however the RED listening port still shows TLS 1.0. Anyone know more about this?
I don't know anything else on the subject but I'll just add my comment to say this does need to be fixed. One of the biggest reasons my company has not rolled out additional Sophos boxes is because of PCI compliance. Sophos is shooting themselves in the foot by eliminating potential customers that require the very common PCI Compliance. Personally I think PCI Compliance should be a built-in update just like SNORT rules.
It is correct that RED is not working with TLS 1.2. This will not be changed in UTM 9.4, but this is something we are planning for the future.
We are aware that this is a thing that should be changed soon.
Holger - Thank you for the info.
How about the TLS for the web interface? Beta 1 appeared to resolve some of the issue, but after beta 2, they are all failing again for port 4444.
What is the timeline for a beta of 9.4? We are getting lots of slack from our customers, and support / sales both refuse to give ANY details of when we can expect something. It would be really nice to know if this is a 30 day issue or a 6 month issue.
You are welcome.
I forwarded your question to the related team.