Forum Discussion

Karimm's avatar
Karimm
Icon for Nimbostratus rankNimbostratus
Nov 21, 2022

TLS weak Qualys report

Hi guys, Please help to identify the reason why Qualys scan gives this result about TLS protocol. Is there anything to change on the SSL profiles ? Thank you!!
security
Karimm's avatar
Karimm
Icon for Nimbostratus rankNimbostratus
Nov 22, 2022

Hi Altocumulus, 

Thanks a lot! can you share how you did it with your client?

Thank you!

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Nov 22, 2022

    Hi Karimm , 
    Ok 
    First : 
    > open (local traffic >ciphers and select Rules) , 
    and Create rule like this : 
    > Then Create Cipher Group  : 


    > Then modify your Client ssl profile That attached on your virtual servers ( virtual server that you did the "Qualys " Test on , associate it with created cipher group. 
    clarified here : 

    Note: 
    > This is the used cipher in Rule : 
    DEFAULT:!TLSV1:!TLSV1_1:!AES
    This Rule excludes TLSv1 , TLSV1.1, CBC 
    > this is a More Secure Cipher : 
    ALL:!ADH:!LOW:!EXP:!NULL:!RC4:!DES:!3DES:!SHA:!SHA256:!SHA384:!MD5+HIGH:+MEDIUM

    use any of them. 
    But Note : 
    maybe some of your Clients have an old devices and still Negotiate with weak ciphers , and this may impact them , but you are securing yourself against attacks and performing what is recommended by Qualys Test by removing all Weak Ciphers.

    > These ciphers restrict users to negotiate with your Application that published on Virtual server.

    > if you run your Qualys test again you shouldn’t see the weak ciphers again. 

    Regards