Question from Joe (United States of America):
I cannot resolve SSL/TLS vulnerabilities on my network. Server 2008 R2

I have two particular vulnerabilities that were found by our Qualys scan.

Vulnerability 1:  SSL/TLS Server supports TLSv1.0

Solution disable TLS 1.0

What I did. Set the registry entries below.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000

The vulnerability is still showing up.

Vulnerability 2:  Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

Solution: Disable DES and 3DES.

What I did.

Set the following Reg entries:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 168/168]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000


For some reason the vulnerabilities are still showing up on the server. I have followed what I have read on Microsoft. I am beginning to think that it is a false positive.
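As an added check (editor's example, not the poster's own script), the PowerShell below reads back the Schannel protocol and cipher values the question lists and reports what is actually set. It uses the .NET registry API rather than the HKLM: provider because the provider treats the '/' in key names such as 'DES 56/56' as a path separator. Two points the output makes visible: Schannel only stops offering a protocol on the server side when its Enabled value is 0 (DisabledByDefault=1 only removes it from the default set, so an application that explicitly requests TLS 1.0 can still negotiate it), and these values are read at boot, so nothing changes until the server is restarted. The key names are the ones from the question; whether every one of them is a name Schannel recognises is not something this script decides.

```powershell
# Added example: audit the Schannel registry values named in the question.
# Run in an elevated PowerShell on the server being scanned.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelValue {
    param([string]$SubKey, [string]$Name)
    # .NET API instead of the HKLM: provider: the provider would split 'DES 56/56' on '/'.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($null -eq $key) { return 'key missing' }
    try {
        $v = $key.GetValue($Name)
        if ($null -eq $v) { return 'value missing' } else { return $v }
    } finally {
        $key.Close()
    }
}

# Protocol values: both sides, both value names, so a half-configured key stands out.
$protocolChecks = @(
    @{ SubKey = 'Protocols\TLS 1.0\Client'; Name = 'Enabled' },
    @{ SubKey = 'Protocols\TLS 1.0\Client'; Name = 'DisabledByDefault' },
    @{ SubKey = 'Protocols\TLS 1.0\Server'; Name = 'Enabled' },
    @{ SubKey = 'Protocols\TLS 1.0\Server'; Name = 'DisabledByDefault' }
)
# Cipher keys exactly as listed in the question.
$cipherChecks = @(
    @{ SubKey = 'Ciphers\DES 56/56';      Name = 'Enabled' },
    @{ SubKey = 'Ciphers\DES 168/168';    Name = 'Enabled' },
    @{ SubKey = 'Ciphers\Triple DES 168'; Name = 'Enabled' }
)

$rows = foreach ($c in $protocolChecks + $cipherChecks) {
    New-Object PSObject -Property @{
        Key  = $c.SubKey
        Name = $c.Name
        Data = Get-SchannelValue -SubKey $c.SubKey -Name $c.Name
    }
}
$rows | Format-Table Key, Name, Data -AutoSize

# Verdict for the server side of TLS 1.0: only Enabled=0 switches it off in Schannel.
$serverEnabled = Get-SchannelValue -SubKey 'Protocols\TLS 1.0\Server' -Name 'Enabled'
if ($serverEnabled -eq 0) {
    'TLS 1.0 server side is disabled in Schannel (takes effect after a reboot).'
} else {
    'TLS 1.0 server side is still enabled in Schannel (Enabled is ' + $serverEnabled + ').'
}
```

A clean result here only proves the Schannel stack is configured as intended. Any service that ships its own TLS implementation (an Apache/OpenSSL build, a Java application) never reads these keys, so a scanner finding that survives this audit points at such a service rather than at the registry.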
ASKER CERTIFIED SOLUTION: Scott Silva (United States of America)
SOLUTION
Joe (asker):
Yes, I have used IIS Crypto to disable the protocols as specified and they are still showing up as vulnerabilities in Qualys.
btan:
Assume you have already rebooted the system. You need to check whether it pertains to an application, as there may be SSL that is implemented and configured otherwise, as in the case of Apache or those using OpenSSL. Check the server on the service port for SSL and which processes are interacting with it.
Joe (asker):
According to the scan it is affecting port 2381, which is the HP Systems Management Homepage. I just spoke with my boss and he informed me that he's aware of this being out of date and we need to update the SPP.
It looks like it may be the culprit for the finding, and it has a config file using Apache and OpenSSL; better to upgrade.
https://community.saas.hpe.com/t5/Systems-Insight-Manager-Forum/HP-System-Management-Homepage-and-SSL-Server-Allows-Anonymous/m-p/797053
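The diagnosis above, tying the finding on port 2381 to a service with its own OpenSSL stack, is the kind of check worth scripting. The PowerShell below is an added example (editor's, not from anyone in the thread): it maps every listening TCP port to its owning process using netstat, which is available on Server 2008 R2 where Get-NetTCPConnection is not, and then attempts a TLS 1.0-only handshake against chosen ports with .NET's SslStream, so a port that still accepts TLS 1.0 can be matched to the process serving it. The host name and the port list at the bottom are assumptions for the example.

```powershell
# Added example: which process owns each listening port, and which ports still
# accept a TLS 1.0 handshake. Works on Windows PowerShell 2.0 (Server 2008 R2).

function Get-ListeningPorts {
    # netstat -ano prints: Proto, Local Address, Foreign Address, State, PID
    netstat -ano -p tcp | Select-String 'LISTENING' | ForEach-Object {
        $f = ($_.ToString() -replace '^\s+', '') -split '\s+'
        $port = [int](($f[1] -split ':')[-1])   # last ':' field also handles [::]:port
        $procId = [int]$f[4]
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name = '?'
        if ($proc) { $name = $proc.Name }
        New-Object PSObject -Property @{ Port = $port; ProcessId = $procId; Process = $name }
    } | Sort-Object Port -Unique
}

function Test-Tls10Handshake {
    param([string]$TargetHost, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    $result = ''
    try {
        $client.Connect($TargetHost, $Port)
        # Accept any certificate: this probes protocol support, not certificate trust.
        $cb = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
        # SslProtocols.Tls is TLS 1.0 only, so success means the server still offers it.
        $ssl.AuthenticateAsClient($TargetHost, $null, [System.Security.Authentication.SslProtocols]::Tls, $false)
        $result = 'TLS 1.0 accepted'
        $ssl.Close()
    } catch {
        $result = 'TLS 1.0 refused or not TLS: ' + $_.Exception.Message
    } finally {
        $client.Close()
    }
    New-Object PSObject -Property @{ TargetHost = $TargetHost; Port = $Port; Result = $result }
}

# Inventory first: the Process column tells you whether a port belongs to a Schannel
# user (IIS, RDP) or to something with its own TLS stack (for example an Apache build).
$listening = Get-ListeningPorts
$listening | Format-Table Port, ProcessId, Process -AutoSize

# Then probe the ports the scanner flagged (assumed values for the example).
foreach ($p in 443, 2381) {
    Test-Tls10Handshake -TargetHost 'localhost' -Port $p
}
```

SslStream itself goes through Schannel on the client side, so run the probe from a machine whose TLS 1.0 client has not been set to Enabled=0, otherwise every port reports "refused" regardless of the server. The probe only answers the protocol question; for the Sweet32 finding (3DES cipher suites) you still need the scanner's own cipher enumeration, since SslStream does not let the caller pick cipher suites.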
Joe (asker):
The HP homepage needed to be updated. The solutions selected helped resolve other vulnerabilities.