Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
umar7
Contributor
Jump to solution

weak ciphers

 
0 Kudos
1 Solution

Accepted Solutions
umar7
Contributor

hi @G_W_Albrecht ,

i have succesfully completed the vulnerability mitigations based on the sk147272 and cipher_util tool

thanks for the response guys

View solution in original post

0 Kudos
14 Replies
_Val_
Admin
Admin

You already found the solution, sk126613. Run cipher_util and remove the weak ciphers. The SK has full instructions on how to do that. 

0 Kudos
umar7
Contributor

hell

0 Kudos
_Val_
Admin
Admin

Wait a moment, you are running R80.30? It is out of support for a while now.

Concerning your question, you really need to explain what you are trying to achieve. Removing ciphers from SSL Inspection will lead to a situation when traffic will not be inspected if a website only offers weak ciphers to use.

What are you trying to achieve in the first place? Harden the system? Which part of the functionalities?

0 Kudos
umar7
Contributor

apologies to val , here i have attached the weak ciphers i really don;t know where i need to disable this and this is my first time using the cipher_utill 

actually that was my lab environment R80.30 ,the original vulnerability observed by R81

0 Kudos
_Val_
Admin
Admin

Which vulnerability? You are not making much sense. Please elaborate, what do you want to achieve here?

What is the tool reporting week filters? 

0 Kudos
umar7
Contributor

hello

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Multi Portal as this is always enabled ! See about the process and how to restart which services here: sk178165: The configuration made with the 'cipher_util' on a Security Gateway is not applied immedia...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
umar7
Contributor

the tools QUALYS SSl labs

0 Kudos
_Val_
Admin
Admin

I assume it is testing the SSL capabilities of your GW. Choose the Multi-portal, remove weak filters and check if the issue is resolved.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Do you have SSL Inspection enabled at all ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
umar7
Contributor

no @G_W_Albrecht 

actually how to we check this ssl enabled or not ?

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

According to the output above you do not have SSL Inspection for TP enabled. Open the GW object and select HTTPS inspection in left column - Enable HTTPS inspection is unchecked.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend

Did you succeed to disable the weak ciphers yet ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
umar7
Contributor

hi @G_W_Albrecht ,

i have succesfully completed the vulnerability mitigations based on the sk147272 and cipher_util tool

thanks for the response guys

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events