ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

TLS v1.0 vulnerability detected in NFA

book

Article ID: 226648

calendar_today

Updated On:

Products

CA Network Flow Analysis (NetQos / NFA) DX NetOps

Issue/Introduction

Recently got the result from VAPT which is "TLS v1.0 detection" in  NFA Console server.

Already disabled the TLSv1.0 in the regedit but still on the second VAPT scan the same result was detected.

Is there an additional changes that need to be done within the NFA application to remedy this vulnerability? 

 

 

Environment

Release : 10.0.x / 21.2.x

Component :NFA console

Resolution

Can follow below KB and can apply option 4 i.e "Post-Upgrade / Automatic re-apply certificates"

 

NFA: ApplyHTTPS Tool

 

It will redo the https config with the ssl restrictions. 

 

The AppyHttps script will import a xml file in RIB  jetty-ssl-context file that blocks everything below TLS 1.2 by default.