SSL version 2 and version 3 are enabled on the TIM Server and need to be disabled.
We also want to address weak cipher and HTTP Strict Transport Security (HSTS) vulnerabilities on the TIM Server.
Release : 10.7.0
Component : Introscope
The TIM Server uses the Apache HTTP Server, and these vulnerabilities relate to the Apache HTTP Server.
To address these vulnerabilities, modify the ssl.conf file on the TIM Server.
Add the following line (it disables SSLv2, SSLv3 and TLSv1):
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
Remove weak ciphers by modifying the SSLCipherSuite parameter in the ssl.conf file.
To address HTTP Strict Transport Security (HSTS), review the following document:
https://access.redhat.com/solutions/1220063
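
To check an ssl.conf against the three changes above, the following Python script is an added example, not part of the original article or the product. The sample config text, the weak-keyword list and the protocols that "all" expands to are assumptions; the cipher check is a heuristic that flags only explicitly named keywords.

```python
# Constructed sample ssl.conf fragments (not from a real TIM Server).
BEFORE = """SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW
"""
AFTER = """SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
Header always set Strict-Transport-Security "max-age=31536000"
"""

# Assumption: what "all" covers depends on the Apache/OpenSSL build.
ALL = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
LEGACY = {"sslv2", "sslv3", "tlsv1"}  # protocols the article's line disables
# Assumption: illustrative OpenSSL cipher keywords treated as weak, not a complete list.
WEAK = {"RC4", "DES", "3DES", "MD5", "EXP", "EXPORT", "LOW", "NULL", "aNULL", "eNULL"}

def directives(conf):
    """Yield (name, args) for each non-comment directive line."""
    for parts in (l.split(None, 1) for l in conf.splitlines()):
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right: +X adds, -X removes, bare X replaces."""
    enabled = set()
    for tok in args.lower().split():  # protocol names are compared case-insensitively
        names = ALL if tok.lstrip("+-") == "all" else {tok.lstrip("+-")}
        if tok[0] == "-":
            enabled -= names
        elif tok[0] == "+":
            enabled |= names
        else:
            enabled = set(names)
    return enabled

def audit(conf):
    """Return sorted findings for legacy protocols, weak cipher keywords and HSTS."""
    findings, proto, hsts = [], False, False
    for name, args in directives(conf):
        if name == "sslprotocol":
            proto = True
            findings += [f"protocol enabled: {p}" for p in enabled_protocols(args) & LEGACY]
        elif name == "sslciphersuite":
            for tok in args.replace(",", ":").replace(" ", ":").split(":"):
                if tok and tok[0] not in "!-":  # "!" and "-" remove ciphers
                    findings += [f"weak cipher keyword: {k}" for k in tok.lstrip("+").split("+") if k in WEAK]
        elif name == "header" and "strict-transport-security" in args.lower():
            hsts = True
    findings += [m for ok, m in ((proto, "SSLProtocol not set"), (hsts, "HSTS header not set")) if not ok]
    return sorted(set(findings))
```

Call audit() with the text of ssl.conf; an empty list means none of the three issues was found by these checks.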