This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Prime
Contributor
‎2020-05-01 01:58 PM

TLS Version 1.0 and 1.1 Protocol Detection Vulnerbility

We not using Checkpoint remote VPN in current setup but still we want to fix the TLS related below mentioned vulnerability.

TLS Version 1.0 and 1.1 Protocol Detection Vulnerbility.

We have VSX deployment and running r80.10 gaia os.

Also what will be the impact if we disable 1.1 and enable 1.2.

0 Kudos
12 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2020-05-02 12:21 AM

I assume the context here is sk154532 what other blades are enabled in the environment?

CCSM R77/R80/ELITE
0 Kudos
Prime
Contributor
‎2020-05-03 09:02 AM
In response to Chris_Atkinson

Can you share me the sk154532 link?

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2020-05-03 04:02 PM
In response to Prime

 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Note access to some SK articles may depend on you support/partner/certification level.

CCSM R77/R80/ELITE
Prime
Contributor
‎2020-05-03 04:44 PM
In response to Chris_Atkinson

Do I need to install policy after making the changes?
0 Kudos
PhoneBoy
Admin
Admin
‎2020-05-03 05:06 PM
In response to Prime

Yes
0 Kudos
Prime
Contributor
‎2020-05-04 07:44 AM
In response to PhoneBoy

I have made changes today..waiting for the team to re-scan and check if we still get this vulnerability or not.
0 Kudos
Prime
Contributor
‎2020-05-05 11:31 PM
In response to Prime

We have received report from VAPT team after rescanning the Checkpoint devices, still this Vulnerability is showing Open in the report.

0 Kudos
PhoneBoy
Admin
Admin
‎2020-05-06 10:03 PM
In response to Prime

Recommend working with the TAC on this.
0 Kudos
Prime
Contributor
‎2020-05-14 01:37 AM
In response to PhoneBoy

TAC has shared below sk.

Kindly check sk132712, if this is relevant? (For Disabling TLS1.0 and TLS1.1)

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2020-05-14 03:47 AM
In response to Prime

Relevance probably depends on which ports the scan revealed the lower TLS versions for.
CCSM R77/R80/ELITE
0 Kudos
Prime
Contributor
‎2020-05-14 04:00 AM
In response to Chris_Atkinson

vapt report says for port 443
0 Kudos
Prime
Contributor
‎2020-05-30 02:38 AM
In response to Prime

We followed the sk147272 on both the cluster member to mitigate TLS and sweet32 vulnerabilities and re-scaned the device now we don't see this in open.

Issue resolved

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events