Wondering if anyone can help with a PCI DSS Compliance issue.
The firewall is running FortiOS v6.0.12.
The external vulnerability scan is showing "Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Server Supports Transport Layer Security (TLSv1.1) port 443/udp over SSL".
We do have SSL VPN running on port 443.
I've done the following to try to disable TLS v1.1:
config system global
    set admin-https-ssl-versions tlsv1-2
end
config vpn ssl settings
    set tlsv1-1 disable
end
The issue on the external vulnerability scan keeps coming up.
Any suggestions? Have I missed another setting somewhere?
Well, well, well ...
Just on a whim I decided to try a third-party test: https://www.cdn77.com/tls-test
That site reports that TLS 1.3 and 1.2 are enabled ... and TLS 1.1 and 1.0 are disabled.
Which is what I expected from my config.
So perhaps my regular Qualys vulnerability scan is reporting a false positive on TLS 1.1?
Anyone else using Qualys for external vulnerability scans?
Any issues with false positives with FortiGate units?