2 Replies Latest reply on May 1, 2020 5:03 AM by dbenav

    VCENTER 6.7 TLS Version 1.1 Protocol Detection on Port 5432

    dbenav Novice

      Hello,

       

      The Nessus scanner detects TLS 1.1 on vCenter 6.7 (build number 15976714). Any idea how to disable TLS 1.1 and allow only TLS 1.2 on specific port 5432?

      Currently all other ports use only TLS 1.2.

       

       

      Synopsis

      The remote service encrypts traffic using an older version of TLS.

      Description

      The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1. As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors. PCI DSS v3.2 still allows TLS 1.1 as of June 30, 2018, but strongly recommends the use of TLS 1.2. A proposal is currently before the IETF to fully deprecate TLS 1.1 and many vendors have already proactively done this.

      Output from most recent scan

      TLSv1.1 is enabled and the server supports at least one cipher.

      Solution

      Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
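
A way to re-check this finding by hand before and after any configuration change, added here as an example (it is not part of the original post and is not VMware or Nessus tooling). It assumes the listener on 5432 is the appliance's embedded PostgreSQL, which starts TLS only after a plaintext SSLRequest message, so a plain TLS client pointed at the port will not work; the host name on the command line and the function names are placeholders chosen for this sketch.

```python
import socket
import ssl
import struct
import sys

# PostgreSQL SSLRequest: int32 length (8) followed by int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)

VERSIONS = {"TLSv1.1": ssl.TLSVersion.TLSv1_1, "TLSv1.2": ssl.TLSVersion.TLSv1_2}


def pinned_context(version):
    """Client context offering exactly one TLS version (probe only, no cert checks)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Recent OpenSSL builds refuse TLS 1.1 on the client side unless the
    # security level is lowered; without this a refusal could be local.
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    ctx.minimum_version = ctx.maximum_version = version
    return ctx


def probe(host, port, version_name, timeout=5.0):
    """Return 'accepted', 'rejected' or 'no-tls' for one protocol version."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(SSL_REQUEST)
        if raw.recv(1) != b"S":  # 'N' means the server declines TLS entirely
            return "no-tls"
        try:
            ctx = pinned_context(VERSIONS[version_name])
            with ctx.wrap_socket(raw) as tls:
                return "accepted" if tls.version() == version_name else "rejected"
        except (ssl.SSLError, OSError, ValueError):
            return "rejected"


def audit(host, port=5432):
    """Probe every version in VERSIONS; the goal is TLSv1.1 rejected, TLSv1.2 accepted."""
    return {name: probe(host, port, name) for name in VERSIONS}


if __name__ == "__main__":
    print(audit(sys.argv[1]))
```

A `rejected` result for TLSv1.1 is only meaningful if the local OpenSSL build can still speak TLS 1.1; confirm that against a known TLS 1.1 endpoint before trusting a clean result.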