Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
lemm
Explorer

TLS version

Hi All,

I have disabled tls v1 and v1.1 from my firewalls , but during a recent pen test it found an issue "Insecure SSL/TLS Protocols - LOW - External".

I have used show ssl tls enabled command and can see only tls v1.2 is enabled.

Can you help with some other commands to check further or what could cause this issue to pop up during pen test ?

0 Kudos
6 Replies
Chris_Atkinson
Employee Employee
Employee

You disabled via CLI?  Maybe also check sk154532 depending on the port / service reported by the scan.

CCSM R77/R80/ELITE
0 Kudos
AkosBakos
Leader Leader
Leader

Hello,

To check SSL V2
openssl s_client -connect secureurl.com:443 -ssl2
To Check SSL V3
openssl s_client -connect secureurl.com:443 –ssl3
To Check TLS 1.0
openssl s_client -connect secureurl.com:443 –tls1
To Check TLS 1.1
openssl s_client -connect secureurl.com:443 –tls1_1
To Check TLS 1.2
openssl s_client -connect secureurl.com:443 –tls1_2
 
Check that IP which was marked as vulnerable in the report.
 
Akos
----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
Legend
Legend

Can you see what you have here in global properties in smart console?

Andy

 

 

Screenshot_1.png

CaseyB
Advisor

You might need to disable some ciphers even though TLS 1.2 is the only thing enabled; we had something similar happen with our pen test.

sk126613 - Cipher configuration tool 'cipher_util' for Security Gateways

We "passed" using this configuration:

R8110_ciphers.png

AkosBakos
Leader Leader
Leader

And you can test it, one-by-one too 🙂

openssl s_client -cipher 'ECDHE-ECDSA-AES256-SHA' -connect secureurl:443

 

----------------
\m/_(>_<)_\m/
(1)
the_rock
Legend
Legend

Just tried with google.com, super useful command!

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events