I have a customer who received multiple failures in their monthly PCI DSS scan (by an outside provider). They are seeing hits on SSL v3 and v2, as well as TLS 1 being supported. Essentially it's complaining that SSL is available because port 443 is used by outgoing apps, and 1550 is the management port for reaching the firewall from the WAN interface.
My question is this: Is there a way to force the client and/or firewall to use a stronger version of TLS in order to mitigate this? I'm of the opinion that there isn't, as the client will use whatever the application is using.
Thanks for any info,