Nessus vulnerability scan report about H3C firewall SSL weak cipher
Go to "Objects" -> "SSL" -> "SSL Server Policies"
You will found that even you select "TLS 1.2" and Cipher suites "High level":
SSL_RSA_with_AES_128_CBC_SHA
SSL_RSA_with_AES_256_CBC_SHA
You still false in the security scanning report and it will show weak cipher.
Solution:
Use the following 4 Cipher:
https://www.tenable.com/plugins/nessus/156899
After change the cipher under firewall GUI, then SSH to the firewall
> system-view
] undo ip https enable
] ip https enable
] save force
] exit
>
No comments:
Post a Comment