[ST-203] TLSV1.0 PROTOCOL ENABLED - Workterra Jira

Details

Type: Enhancement
Status: Closed
Priority: Medium
Resolution: Unresolved
Component/s: BenAdmin
Labels:
- Security

Module:
BenAdmin - Security
Reported by:
Support
Item State:
Production Complete - Closed

Description

Vulnerability Description
Transport Layer Security (TLS) version 1.0 has been found to contain protocol-level weaknesses.

Impact
Given the theoretical nature of attacks on TLS 1.0, supporting TLS 1.0 is not a risk-oriented decision. That being said, history has shown that as cryptographic attacks age, they get stronger (i.e. easier to exploit).

Verification and Attack Information
Praetorian verified the TLS v1.0 protocol was enabled on the application server using SSLScan, an automated SSL/TLS scanning tool. The application server accepted the TLS v1.0 protocol, as shown in the images below.

Recommendation
Praetorian recommends following Mozilla’s SSL/TLS (see reference below) configuration suggestions as a guide for ciphersuite support. These configurations provide high-security and high-availability to SSL/TLS clients.

References
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://cipherli.st/
https://www.wolfssl.com/wolfSSL/Blog/Entries/2010/12/14_A_Comparison_of_TLS_1.1_and_TLS_1.2.html

Attachments

Activity

Transition	Time In Source Status	Execution Times

Vijayendra Shinde (Inactive) made transition - 20/Sep/16 06:24 AM

New Request

Pending for Approval

112d 26m

Vijayendra Shinde (Inactive) made transition - 20/Sep/16 06:25 AM

Pending for Approval

Rejected

Vijayendra Shinde (Inactive) made transition - 20/Sep/16 06:25 AM

Rejected

Closed

People

Assignee:: Vijayendra Shinde (Inactive)

Reporter:: Vijayendra Shinde (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 31/May/16 05:58 AM

Updated:: 20/Sep/16 06:25 AM