Project SimpleProject Type: software

Project Simple

Uploaded image for project: 'Project Simple'
  1. Project Simple
  2. ST-203

TLSV1.0 PROTOCOL ENABLED

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Unresolved
    • Component/s: BenAdmin
    • Labels:
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed

      Description

      Vulnerability Description
      Transport Layer Security (TLS) version 1.0 has been found to contain protocol-level weaknesses.

      Impact
      Given the theoretical nature of attacks on TLS 1.0, supporting TLS 1.0 is not a risk-oriented decision. That being said, history has shown that as cryptographic attacks age, they get stronger (i.e. easier to exploit).

      Verification and Attack Information
      Praetorian verified the TLS v1.0 protocol was enabled on the application server using SSLScan, an automated SSL/TLS scanning tool. The application server accepted the TLS v1.0 protocol, as shown in the images below.

      Recommendation
      Praetorian recommends following Mozilla’s SSL/TLS (see reference below) configuration suggestions as a guide for ciphersuite support. These configurations provide high-security and high-availability to SSL/TLS clients.

      References
      https://mozilla.github.io/server-side-tls/ssl-config-generator/
      https://cipherli.st/
      https://www.wolfssl.com/wolfSSL/Blog/Entries/2010/12/14_A_Comparison_of_TLS_1.1_and_TLS_1.2.html

        Attachments

          Activity

          No work has yet been logged on this issue.

            People

            Assignee:
            vijayendra Vijayendra Shinde (Inactive)
            Reporter:
            vijayendra Vijayendra Shinde (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: