https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/91454#M10882 <P>Hi,</P><P>We recently ran a vulnerability scan and we got this recommendation "Disable TLS/SSL support for static key cipher suites" is there an SK to guide us through this? What's the impact if we implement this in terms of breaking something?&nbsp;</P> Tue, 14 Jul 2020 12:19:51 GMT Uncle_Wally_SA 2020-07-14T12:19:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/91454#M10882 <P>Hi,</P><P>We recently ran a vulnerability scan and we got this recommendation "Disable TLS/SSL support for static key cipher suites" is there an SK to guide us through this? What's the impact if we implement this in terms of breaking something?&nbsp;</P> Tue, 14 Jul 2020 12:19:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/91454#M10882 Uncle_Wally_SA 2020-07-14T12:19:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/91486#M10883 <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk126613" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk126613</A></P> <P>&nbsp;</P> Tue, 14 Jul 2020 14:44:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/91486#M10883 _Val_ 2020-07-14T14:44:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/92139#M10884 <P>Thanks a lot, sorry for the late response&nbsp;<span class="lia-unicode-emoji" title=":smiling_face_with_smiling_eyes:">😊</span></P> Wed, 22 Jul 2020 08:55:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/92139#M10884 Uncle_Wally_SA 2020-07-22T08:55:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/103946#M10885 <P>Hi,&nbsp; I tried this as well to disable&nbsp;<SPAN>TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA, by moving these to the "forbidden" section, ran the registry update and pushed the policy. But when we ran nmap, we had the same ciphers showing up.&nbsp;</SPAN></P> Wed, 02 Dec 2020 03:16:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/103946#M10885 nolankam 2020-12-02T03:16:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/103968#M10886 <P>Did you reboot at some point? I'v noticed that sometimes it does not survive reboots</P> Wed, 02 Dec 2020 08:51:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-TLS-SSL-support-for-static-key-cipher-suites/m-p/103968#M10886 Uncle_Wally_SA 2020-12-02T08:51:03Z