Vulnerability Scan Shows Weak Cipher(s) Supported

Article ID: 173245

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

An SGOS version such as 6.7.3.8 is running.

A vulnerability scanner such as Qualys reports scan results that include the following:

SSL/TLS use of weak RC4 cipher port 8084/tcp over SSL

SSL/TLS Server supports TLSv1.0 port 8084/tcp over SSL

TLSv1 WITH RC4 CIPHERS IS SUPPORTED
TLSv1.1 WITH RC4 CIPHERS IS SUPPORTED
TLSv1.2 WITH RC4 CIPHERS IS SUPPORTED
RC4-MD5 RSA RSA MD5 RC4(128)
RC4-SHA RSA RSA SHA1 RC4(128)
ECDHE-RSA-RC4-SHA ECDH RSA SHA1 RC4(128)

Resolution

Upgrade to a later version of SGOS such as 6.7.4.1 (General Availability).

Its Release Notes include Security Fix 257344 which addresses the previously mentioned scan findings:

"Improves the security posture of Client Manager service on port 8084 by removing weak ciphers and TLS versions."
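
After upgrading, a re-scan should no longer list the RC4 rows or the TLSv1.0 finding on port 8084. The script below is an added example, not part of the original article or any vendor tooling; it assumes scanner text in the same line layout as the findings quoted above, and its `AFTER` sample is constructed for illustration.

```python
import re

# Cipher row layout from the scan quoted above: NAME KEYEXCH AUTH MAC ENC(BITS)
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\w+)\((\d+)\)$")
# Per-protocol summary, e.g. "TLSv1.1 WITH RC4 CIPHERS IS SUPPORTED"
HEADER = re.compile(r"^(TLSv[\d.]+|SSLv\d)\s+WITH\s+(\S+)\s+CIPHERS\s+IS\s+SUPPORTED$")
# Finding title, e.g. "SSL/TLS Server supports TLSv1.0 port 8084/tcp over SSL"
SUPPORTS = re.compile(r"supports\s+(TLSv[\d.]+|SSLv\d)\s+port\s+(\d+)/tcp")

WEAK_ENC = {"RC4"}             # cipher flagged in the article's scan
LEGACY = {"TLSv1", "TLSv1.0"}  # protocol version flagged in the article's scan

# Scan text quoted in the article (pre-upgrade).
BEFORE = """\
SSL/TLS use of weak RC4 cipher port 8084/tcp over SSL
SSL/TLS Server supports TLSv1.0 port 8084/tcp over SSL
TLSv1 WITH RC4 CIPHERS IS SUPPORTED
TLSv1.1 WITH RC4 CIPHERS IS SUPPORTED
TLSv1.2 WITH RC4 CIPHERS IS SUPPORTED
RC4-MD5 RSA RSA MD5 RC4(128)
RC4-SHA RSA RSA SHA1 RC4(128)
ECDHE-RSA-RC4-SHA ECDH RSA SHA1 RC4(128)
"""
# Constructed post-upgrade sample in the same row layout (not real scanner output).
AFTER = """\
AES256-SHA RSA RSA SHA1 AES(256)
ECDHE-RSA-AES256-SHA ECDH RSA SHA1 AES(256)
"""

def triage(scan_text):
    """Return the weak-cipher and legacy-protocol findings present in scan text."""
    out = {"weak_ciphers": [], "weak_cipher_protocols": [], "legacy_protocols": []}
    for line in map(str.strip, scan_text.splitlines()):
        if m := ROW.match(line):
            if m.group(5) in WEAK_ENC:
                out["weak_ciphers"].append(m.group(1))
        elif m := HEADER.match(line):
            if m.group(2) in WEAK_ENC:
                out["weak_cipher_protocols"].append(m.group(1))
        elif m := SUPPORTS.search(line):
            if m.group(1) in LEGACY:
                out["legacy_protocols"].append((m.group(1), int(m.group(2))))
    return out

def is_clean(scan_text):
    """True when none of the findings from the original scan remain."""
    return not any(triage(scan_text).values())

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, "clean" if is_clean(text) else triage(text))
```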