I'm running Red Hat Linux Enterprise Linux 7.9 which hosts a tentacle application.
After a vulnerability scanner on this server, it shows a TLS vulnerability over the port 10993, which is the port used for octopus tentacle and the vulnerability rapport shows that the server is successfully connected over TLSv1.1
I had verified on the server into /etc/octopus/Tentacle/ tentacle-Tentacle.config file but nowhere its mentioned the SSL/TLS settings on the Linux machine. I need someone to help where exactly it’s pointing this TLS1.0, TLS1.1 and where the TLS config file is located to disable the use of the weak version.
Thank you,
Related
Vulnerability scan shows that my server (server1821) is currently vulnerable to TLS ROBOT
Server is AIX.
How do I check for this vulnerability and how to fix this?
I checked with my vender and I got the reply as :
Does the scan report which ports are vulnerable? Those applications using TLS protocol with RSA ciphers need to be altered so they no longer use RSA. We need to do this at the application level.
Not sure about this suggestion.
The TLS ROBOT advisory site ((https://robotattack.org/) doesn't have any answers with respect to AIX.
A simple command shows this"
serverl1821 2 % cat /etc/ssh/sshd_config |grep -i rsa
#HostKey /etc/ssh/ssh_host_rsa_key
serverl1821 3 %
Can anyone help me here?
Your application vendor is absolutely correct. First of all you have to ask you security guys, where they found the vulnerability. Not only the server name, but also the port.
Then the problem may be in one of the following component:
OpenSSH
OpenSSL
IBM GSKit
Java
Every of the components requires different tuning to disable RSA ciphers.
To make it more complex every application can come with their own SSL/TLS library and their own set of settings.
The vulnerability may have nothing to do with ssh. You should update GSKit package. This is the package which implement SSL/TLS in AIX. And do not forget to restart web/application server.
I'm getting this error when i try to connect to a SSL (protocol v3) LDAP server in Apache Directory Studio.
I'm connecting to a LDAP server on port 636 (ldaps) with SSL encryption.
ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed, reason: Unspecified: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
I'm using Apache Directory Studio Version: 2.0.0.v20210213-M16 on MacOS 11.2.3 (20D91)
java.version=16
java.vendor=Azul Systems, Inc.
It seems that "some" update maybe disabled TLS1.0 on my mac???
Any clues how to fix this?
So this may be a little late, but you need to follow the instructions here.
An update to the JDK has disabled TLS1 and TLS1.1 support by default. You can change the defaults so they are no longer disabled.
Basically you need to find the jdk.tls.disabledAlgorithms property in ${JAVA_HOME}/conf/security/java.security file and remove the offending algorithm from the list (TLS1).
Once you do this, you should be good to go.
I have new server windows 2019 standard Edition, with IIS 10 installed on it I exported my wildcard SSL from my old server to the new server my website can work successfully on http only while on https it gives an error can't open and gives this error
https://www.screencast.com/t/zgpV7hnUw
I tried to create a new request and get a new certificate also get the same error, also I enabled SSL 3.0 in the registry but also no result.
also, strange behavior when I tried to test the SSL with ssllabs website I found the response successful with grade A
Any advice
Thanks in advance
To resolve the issue you could try below things:
1)Open iis manager.
2)select your site-> bindings.
3)add binding with the below values:
type: https
IP: all assigned
port: 443
keep hostname blank
in certificate select IIS Development Certificate and click ok.
restart iis and site.
clear browser history and try to browse the site.
Thanks for you all the problem is when I applied the registry that applies to enable ciphers and Tls 1.3 and Tls1.2 and disable Tls1.0 and Tls 1.1 on windows 2019. windows 2019 don't need to add any ciphers or Tls1.3 and tls1.2 protocols
I want to setup SSL certificate on tomcat, specification of my server:
OS: ubuntu 18.04 LTS
tomcat: 9.0.31
java: 1.8.0_242
I have these files:
xyz.key
xyz.ca-bundle
xyz.crt
I want to run tomcat on port 443 although I Know I can change port by using server.xml file.
By using the above files I can easily setup ssl in apache, But my question is which type of file format I should have in order to setup ssl in tomcat server and if I need some other format then how should I convert these files ?
Question is pretty unclear, but I assume what you're trying to do is run Tomcat standalone, not with Apache Httpd as a proxy. In that case, the easiest and best thing to do is to upgrade to a modern version of Java. Java 9 and later support PKCS12, which is easier than using JKS, so you should upgrade, either to 11 (the current LTS release) or 14 (current release).
Once that is done, you can use this tool to generate a CSR and save a key and help set up your configuration. It might be easier than doing this by editing files.
By "not working" I mean the page loads with an http:// prefix. If I manually type https:// it times out. I'm hoping that someone who has done this before can glance at the tutorials and see what might be missing.
The tutorials I've tried all tend to be the same:
https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-debian-8
https://wiki.debian.org/Self-Signed_Certificate
If I test the SSL connection with an online utility such as:
https://www.sslshopper.com/ssl-checker.html
I get this error:
No SSL certificates were found on mywebsite.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.
Relevant info:
$ sudo uname -a
Linux ip-172-26-14-207 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u6 (2018-10-08) x86_64 GNU/Linux
Running in an AWS Lightsail instance with Debian (OS only) and LAMP stack installed.
Solved it! After using nmap, wget, telnet, etc. to verify that port 443 was open locally but not externally, I remembered that my AWS Lightsail instance was a virtual private server and I might need to configure the VPS. Sure enough, in the Lightsail web interface there is a firewall setting.
Lightsail landing page > Manage instance > Networking > Firewall