TLS Version 1.0 and 1.1 Protocol Detection Vulner...

ACEGYRA · ‎2020-05-01

We not using Checkpoint remote VPN in current setup but still we want to fix the TLS related below mentioned vulnerability.

TLS Version 1.0 and 1.1 Protocol Detection Vulnerbility.

We have VSX deployment and running r80.10 gaia os.

Also what will be the impact if we disable 1.1 and enable 1.2.

Chris_Atkinson · ‎2020-05-02

I assume the context here is sk154532 what other blades are enabled in the environment?

ACEGYRA · ‎2020-05-03

Can you share me the sk154532 link?

Chris_Atkinson · ‎2020-05-03

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Note access to some SK articles may depend on you support/partner/certification level.

ACEGYRA · ‎2020-05-03

Do I need to install policy after making the changes?

PhoneBoy · ‎2020-05-03

Yes

ACEGYRA · ‎2020-05-04

I have made changes today..waiting for the team to re-scan and check if we still get this vulnerability or not.

ACEGYRA · ‎2020-05-05

We have received report from VAPT team after rescanning the Checkpoint devices, still this Vulnerability is showing Open in the report.

PhoneBoy · ‎2020-05-06

Recommend working with the TAC on this.

ACEGYRA · ‎2020-05-14

TAC has shared below sk.

Kindly check sk132712, if this is relevant? (For Disabling TLS1.0 and TLS1.1)

Chris_Atkinson · ‎2020-05-14

Relevance probably depends on which ports the scan revealed the lower TLS versions for.

ACEGYRA · ‎2020-05-14

vapt report says for port 443

ACEGYRA · ‎2020-05-30

We followed the sk147272 on both the cluster member to mitigate TLS and sweet32 vulnerabilities and re-scaned the device now we don't see this in open.

Issue resolved