Trustwave's PCI scan keeps failing on my FortiMail 200D 5.2 - 458 with the following CVEs: 2015-2808 (SSL/TLS weak encryption algorithms), 2014-2566 (SSL/TLS weak encryption algorithms), 2014-3566 (SSLv3 supported). I have enabled strong-crypto, and had my dispute approved for TLSv1.0, but these last 3 are giving me headaches....
I updated the firmware after I ran the set strong-crypto. I just ran the command again and the PCI scan is now clean??
**I recommend you register over at the new FUSE Forums**
Kmartin wrote: Trustwave's PCI scan keeps failing on my FortiMail 200D 5.2 - 458 with the following CVEs: 2015-2808 (SSL/TLS weak encryption algorithms), 2014-2566 (SSL/TLS weak encryption algorithms), 2014-3566 (SSLv3 supported). I have enabled strong-crypto, and had my dispute approved for TLSv1.0, but these last 3 are giving me headaches....
I assume here you are referring to SMTPS not the GUI, as these protocols should be
The problem with audit scans like this is they are normally designed with HTTPS web sites with payment processing involved. Like it or not, email is traditionally an insecure protocol. If you enforce blocking of SSLv3/TLS1.0 in an email environment, the result is normally that the remote server will just downgrade the connection to SMTP, which is self-defeating.
However, we added commands to help you here in 5.2.5
```
config sys global
    set ssl-versions tls1_2 <- select the required versions
end
```
I still don't recommend it as you will I think we are a way off before we can drop all of these legacy protocols without issue, this is why FortiMail supports IBE for when security is an absolute requirement.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
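One way to confirm which protocol versions the SMTP listener still accepts after changing `ssl-versions`, as an added example that is not part of the thread or Fortinet's own tooling. It assumes STARTTLS on port 25; the function names and the version labels other than `tls1_2` are this example's own, and SSLv3 is not probed because current OpenSSL builds omit it.

```python
import smtplib
import ssl

# Versions this Python/OpenSSL client can usually offer (labels are this
# example's own; only tls1_2 appears in the thread).
VERSIONS = {
    "tls1_0": ssl.TLSVersion.TLSv1,
    "tls1_1": ssl.TLSVersion.TLSv1_1,
    "tls1_2": ssl.TLSVersion.TLSv1_2,
}

def build_context(version):
    """Client context pinned to exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # probing protocol support only,
    ctx.verify_mode = ssl.CERT_NONE   # not validating the certificate
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let the client offer legacy versions
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, port, version, timeout=10):
    """True if STARTTLS completes at `version`, False if it is refused.
    Failure to connect at all raises, so it is not mistaken for a refusal."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        try:
            smtp.starttls(context=build_context(version))
            return True
        except (ssl.SSLError, smtplib.SMTPException, OSError):
            return False

def violations(accepted, allowed):
    """Versions the server accepted that the policy does not allow."""
    return sorted(n for n, ok in accepted.items() if ok and n not in allowed)

def audit(host, port=25, allowed=("tls1_2",)):
    """Probe every version and compare the result with the allowed set."""
    accepted = {n: probe(host, port, v) for n, v in VERSIONS.items()}
    return accepted, violations(accepted, allowed)

if __name__ == "__main__":
    import sys
    accepted, bad = audit(sys.argv[1])  # hostname of your own mail gateway
    print(accepted, "violations:", bad)
```

A `False` for a legacy version can also come from the local OpenSSL build refusing to offer it, so confirm from a client that still supports that version before treating the result as proof.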