Karimm
Nov 21, 2022 Nimbostratus
TLS weak Qualys report
Hi guys, please help to identify the reason why the Qualys scan gives this result about the TLS protocol. Is there anything to change on the SSL profiles? Thank you!!
Hi Altocumulus,
Thanks a lot! Can you share how you did it with your client?
Thank you!
Hi Karimm ,
Ok
First:
> Open Local Traffic > Ciphers and select Rules,
and create a rule like this:
> Then create a Cipher Group:
> Then modify the Client SSL profile that is attached to your virtual servers (the virtual server that you ran the "Qualys" test on) and associate it with the created cipher group.
Clarified here:
Note:
> This is the cipher used in the rule:
DEFAULT:!TLSV1:!TLSV1_1:!AES
This rule excludes TLSv1, TLSv1.1, CBC
> This is a more secure cipher:
ALL:!ADH:!LOW:!EXP:!NULL:!RC4:!DES:!3DES:!SHA:!SHA256:!SHA384:!MD5+HIGH:+MEDIUM
Use any of them.
But note:
Maybe some of your clients have old devices and still negotiate with weak ciphers, and this may impact them, but you are securing yourself against attacks and doing what is recommended by the Qualys test by removing all weak ciphers.
> These ciphers restrict users negotiating with your application that is published on the virtual server.
> If you run your Qualys test again you shouldn't see the weak ciphers again.
Regards
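The GUI steps in the answer above (cipher rule, cipher group, Client SSL profile), written as tmsh commands. This is an added example, not part of the original posts; the object names `qualys_rule`, `qualys_group` and `my_clientssl` are placeholders for your own rule, group and the profile attached to the scanned virtual server.

```tmsh
# 1. Cipher rule holding the cipher string quoted in the answer above
create ltm cipher rule qualys_rule cipher "DEFAULT:!TLSV1:!TLSV1_1:!AES"

# 2. Cipher group that allows only the suites selected by that rule
create ltm cipher group qualys_group allow add { qualys_rule }

# 3. Attach the group to the Client SSL profile used by the virtual server.
#    A profile takes either a cipher string or a cipher group, so the
#    string is set to "none" in the same command.
modify ltm profile client-ssl my_clientssl cipher-group qualys_group ciphers none

# 4. Confirm what the profile now references, then persist the change
list ltm profile client-ssl my_clientssl cipher-group ciphers
save sys config
```

Before attaching the group, running `tmm --clientciphers 'DEFAULT:!TLSV1:!TLSV1_1:!AES'` from the BIG-IP bash prompt lists the suites and protocol versions the string expands to on your software version, which shows which clients will still be able to negotiate.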