I'm asking this question to a vendor as well. However, I will ask here too. I'm trying to disable TLS1.0 globally on a firewall cluster. This is in an effort to completely eliminate all HTTPS weak ciphers. I've been scanning our environment with various tools and found that TLS 1.0 is still a valid cipher when I scan my cluster IP addresses.
So far, I haven't been able to find any documentation on how to do this with Checkpoint. On an ASA it's 2 or 3 commands to stop supporting the cipher. The only thing I've seen in forums is that on Checkpoint it's not possible. Is this true?
I'm running R80.30 so I would think you would be able to do this but maybe not.
Thanks,
Jon