Forum Discussion
adithyodw_18563
Nimbostratus
Nimbostratusdiscovered that the SSL service on the server did not support the latest TLS 1.2 protocol.
Hi All,
so i got alert message from audit
"discovered that the SSL service on the server www.example.com (x.x.x.x) did not support the latest TLS 1.2 protocol. The weak TLS 1.0 protocol was...
Brad_Parker
Cirrus
CirrusAre you talking about SSL on the management interface, httpd? If so you can update the following items to make audit happy by enabling TLSv1.2 and disabling SSLv3.
tmsh modify sys httpd ssl-protocol 'all -SSLv2 -SSLv3'
tmsh modify sys httpd ssl-ciphersuite 'ECDSA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'
Then save the config and restart httpd.
tmsh save sys config
bigstart restart httpd
