This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Herr_O
Explorer
‎2024-10-08 07:22 AM
Jump to solution

SIC initialization still communicates over SSLv3 ?

Hello everyone,

the sk107166 "TLS1.2 Support Plan for Check Point Products"  seems to be vallid  and maintained (Last modified
2023-09-11).
I find the note that the SIC initialization still communicates via ssl v3. Is this really the case and if so, why?

Of course it is only the initialization, but I am afraid that this is a topic that I have to discuss with our internal audit department and would like to avoid this 😉

 

Regards,

0 Kudos
1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee
‎2024-10-09 03:51 AM
In response to Herr_O
Jump to solution

I've spoken to R&D owner and SIC initialization uses TLS 1.2 in R81.10 and higher versions.

View solution in original post

4 Replies
Herr_O
Explorer
‎2024-10-08 11:40 PM
In response to Tal_Paz-Fridman
Jump to solution

Thanks for the answer
I know the SIC communication, but my question refers explicitly to the SIC initialization

------

https://support.checkpoint.com/results/sk/sk107166

Notes:

  1. The schedule can be subject to modifications. For most up-to-date information, revisit this page or subscribe to RSS feed (at the top).

  2. Support for TLS 1.2 was integrated since Take 266 of R77.30 Jumbo Hotfix.

    • The SIC initialization still communicates over SSLv3.

    • For VSX Gateway, refer to sk112014 - "Cannot establish connection to SSL Network Extender gateway. Try to reconnect." error wh....

    • Before installing Take 266 and higher of R77.30 Jumbo Hotfix, make sure to back up all the current httpd.conf files:
      [Expert@HostName:0]# find / -name httpd.conf -type f

      If any changes were made in the past in the httpd.conf files, then the new httpd.conf files should be edited manually (do NOT overwrite the new files with the backed up files).

    • If a connection from a SmartConsole computer to a Security Management Server / Domain Management Server must also be TLS 1.2, then an improved SmartConsole can be provided (otherwise, the communication will be TLS 1.0).

      This requires Take 266 and higher of R77.30 Jumbo Hotfix to be installed on the Security Management Server / Multi-Domain Security Management Server.
0 Kudos
_Val_
Admin
Admin
‎2024-10-09 01:40 AM
In response to Herr_O
Jump to solution

@Herr_O You are looking into the older SK, while @Tal_Paz-Fridman provided you with the updated information. Initialization is part of SIC, so sk178505 applies. 

Now, if you need a stumped official response you could use for the audit, it is advisable to open a TAC ticket for 100% official answer.

Tal_Paz-Fridman
Employee
Employee
‎2024-10-09 03:51 AM
In response to Herr_O
Jump to solution

I've spoken to R&D owner and SIC initialization uses TLS 1.2 in R81.10 and higher versions.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events