Copper

Vulnerability Mitigation for TLS 1.0 and Weak Ciphers

Hello,

I need instructions to mitigate the following two vulnerabilities on our Gateways:

1) Enable Support for TLS 1.1 and TLS 1.2, and disable TLS 1.0

2) Removal of Weak Ciphers

We are using a VSX Cluster environment with R80.10

Also, what could be the after-effects of removing these vulnerabilities on the existing production environment?

Please suggest.

Thanks

0 Kudos
7 Replies
Admin

Re: Vulnerability Mitigation for TLS 1.0 and Weak Ciphers

As there isn't one global "use TLSv1.2" and "disable weak ciphers" setting, we need some more context, namely on what ports these issues were found.
The main one that comes up (Gaia WebUI) isn't relevant on VSX.
0 Kudos
Copper

Re: Vulnerability Mitigation for TLS 1.0 and Weak Ciphers

Thanks for the reply. The vulnerability has been reported on port 443 (TLS 1.0 Protocol Detection). It was discovered on 2 VSX Gateways which are in a cluster.
0 Kudos
Admin

Re: Vulnerability Mitigation for TLS 1.0 and Weak Ciphers

What blades are active on this gateway?
Like I said, the main culprit (the Gaia WebUI) is not active on VSX.
0 Kudos
Copper

Re: Vulnerability Mitigation for TLS 1.0 and Weak Ciphers

AntiBot, Antivirus, IPS
0 Kudos

Re: Vulnerability Mitigation for TLS 1.0 and Weak Ciphers

Maybe also SSL Inspection? Then see sk126613: Cipherconfiguration tool for R80.x Gateways.

0 Kudos
Ivory

Re: Vulnerability Mitigation for TLS 1.0 and Weak Ciphers

How to remediate the TLS vulnerability on a Check Point firewall virtual interface?

And sk126613: Cipherconfiguration tool for R80.x Gateways is not clearing this requirement.

0 Kudos

Re: Vulnerability Mitigation for TLS 1.0 and Weak Ciphers

1) Enable Support for TLS 1.1 and TLS 1.2, and disable TLS 1.0

Note: I am a novice user, so please check in a test setup before applying to production.

Solution: In SmartConsole, go to Menu -> Global properties -> Advanced -> Configure...

Go to Portal Properties; there it will show options to set the max and min SSL version attributes.

There you may change the SSL min. version from TLS1.0 to TLS1.1.

---------There is no growth without humility---------
0 Kudos
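
A way to confirm, before and after any of the changes discussed in this thread, which protocol versions the listener on port 443 still accepts. This is an added example, not code from the thread or from Check Point; the host name in the usage comment is a placeholder and the result labels are this example's own.

```python
import socket
import ssl
import sys
import warnings

# Version to offer, paired with whether the local OpenSSL build can speak it.
VERSIONS = {
    "TLSv1.0": (ssl.TLSVersion.TLSv1, ssl.HAS_TLSv1),
    "TLSv1.1": (ssl.TLSVersion.TLSv1_1, ssl.HAS_TLSv1_1),
    "TLSv1.2": (ssl.TLSVersion.TLSv1_2, ssl.HAS_TLSv1_2),
}

def probe(host, port, name, timeout=5.0):
    """Offer exactly one TLS version and report how the listener responds."""
    version, available = VERSIONS[name]
    if not available:
        return "unsupported-locally"
    # Certificate checks are off on purpose: only the protocol version is under test.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # OpenSSL 3 only negotiates TLS 1.0/1.1 at security level 0.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return "unsupported-locally"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "accepted"
    except OSError:  # includes ssl.SSLError: alert, reset or timeout, no handshake
        return "rejected"
    finally:
        raw.close()

def audit(host, port=443):
    """Probe every version in VERSIONS against one listener."""
    return {name: probe(host, port, name) for name in VERSIONS}

if __name__ == "__main__":
    # Usage: python tls_audit.py gateway.example.net  (placeholder host name)
    for name, result in audit(sys.argv[1]).items():
        print(f"{name}: {result}")
```

A mitigated listener should report `rejected` for TLSv1.0 and `accepted` for TLSv1.2; `unsupported-locally` means the machine running the check cannot offer that version, so the result says nothing about the gateway.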