This is using few Fortigate 80C and 200B firewall. Recently, my network security team conducted a network equipment security scan and found the following "security breach" as follows:
2.9.On page 26 item: SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE)
Solution: Disable SSLv3 support to avoid this vulnerability
2.10 On page 27 item: SSL Server Supports Weak Encryption Vulnerability
Solution: Disable support for LOW encryption ciphers.
2.11 On page 29 item: SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST)
Solution: This attack was identified in 2004 and later revisions of TLS protocol which contain a fix for this. If possible, upgrade to TLSv1.1 or TLSv1.2. If upgrading to TLSv1.1 or TLSv1.2 is not possible, then disabling CBC mode ciphers will remove the vulnerability
1.5 On page 23 item: OpenSSL Memory Leak Vulnerability (Heartbleed Bug)
Solution: Update to Version 1.0.1g to resolve this issue. The latest version is available for download fromOpenSSL Web site (http://www.openssl.org/source/
1.6 On page 25 item: OpenSSL Multiple Remote Security Vulnerabilities
Solution: Customers are advised to install OpenSSL versions 0.9.8za, 1.0.0m, 1.0.1h (http://www.openssl.org/related/binaries.html
) or later to remediate this vulnerability
How to resolve the SSL issue? Appreciate any suggestion.