
TLS v1.2 not implemented?

Question asked by Thomas Bennek on Oct 11, 2018
Latest reply on Oct 12, 2018 by Thomas Bennek

Hello Community,

One of our clients was upgraded from Windows 7 to Windows 10 Build 1803. After that he couldn't start R80.10 SmartDashboard anymore, with the following error displayed:

"Could not establish secure channel for SSL/TLS with authority << MGMT-IP >>:19009"

After a short search we found a related skArticle: sk121353

Here we found the cause:

The user has disabled TLS lower than TLS1.2 on the system where the SmartConsole is installed.

And the solution:

Currently, TLS ciphers lower than TLS1.2 are needed to connect from Smart Console to a MDS or Security Management.

Therefore, Check Point has not yet implemented TLS v1.2 for the really critical connection between Management-Client and Management-Server!

TLS v1.2 was officially announced in 2008, 10 years ago now. TLS v1.0 and TLS v1.1 are unsafe and almost deprecated:

Deprecating TLS 1.0 & 1.1 | DigiCert Blog

Why hasn't Check Point implemented TLS v1.2 for this critical connection? When will it be implemented (we are talking about R80.10 here)? And when will TLS v1.3 be implemented then, which should be officially announced in 2018?

I hope someone can give me a statement about this, as this problem will arise at customers who will change to the newest Windows 10. I can't give them an explanation why Check Point still hasn't implemented TLS v1.2 for this critical connection.

Thanks and best regards,

Thomas
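
To check which protocol versions the management port from the error message actually negotiates, a per-version handshake probe can be run from an admin workstation. This is an added example, not part of the original post and not Check Point code; the host argument is a placeholder, port 19009 is taken from the error above, and certificate validation is switched off on the assumption that only protocol support is being audited.

```python
import socket
import ssl
import sys
import warnings

# Protocol versions offered one at a time, oldest first.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Audit probe: protocol support is tested, not certificate trust.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with warnings.catch_warnings():
        # Python 3.10+ warns when TLS 1.0/1.1 are selected explicitly.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version  # ValueError if the local build lacks it
        ctx.maximum_version = version
    if version < ssl.TLSVersion.TLSv1_2:
        # OpenSSL security levels above 0 can block legacy handshakes locally.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    return ctx

def probe(host, port, timeout=5.0):
    """Return {version name: outcome} for one TLS endpoint."""
    results = {}
    for name, version in VERSIONS.items():
        try:
            ctx = pinned_context(version)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[name] = f"accepted ({tls.version()}, {tls.cipher()[0]})"
        except ValueError:
            results[name] = "not available in local OpenSSL build"
        except ssl.SSLError as exc:  # must precede OSError, its base class
            results[name] = f"rejected ({exc.reason or 'handshake failure'})"
        except OSError as exc:
            results[name] = f"connection error ({type(exc).__name__})"
    return results

if __name__ == "__main__":
    # Usage: python tls_probe.py <MGMT-IP> 19009
    for name, outcome in probe(sys.argv[1], int(sys.argv[2])).items():
        print(f"{name}: {outcome}")
```

A result of "accepted" for TLSv1.0 or TLSv1.1 together with "rejected" for TLSv1.2 would match the behaviour described in sk121353; a "connection error" means the handshake outcome could not be determined for that version.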
