topic TLS Vulnerabilities. in General Topics https://live.paloaltonetworks.com/t5/general-topics/tls-vulnerabilities/m-p/324026#M95681 <P>Hi</P> <P>&nbsp;</P> <P>I am running Minemeld on Ubuntu 16.04</P> <P>&nbsp;</P> <P>The server is starting to show up in Vulnerability Scans depsite updating Ubuntu.</P> <P>&nbsp;</P> <P>This is a list of the Vulnerbilties.</P> <P>&nbsp;</P> <TABLE width="487"> <TBODY> <TR> <TD width="487">TLS Server Supports TLS version 1.0</TD> </TR> <TR> <TD>TLS Server Supports TLS version 1.1</TD> </TR> <TR> <TD>Diffie-Hellman group smaller than 2048 bits</TD> </TR> <TR> <TD>TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)</TD> </TR> <TR> <TD>TLS/SSL Server Supports 3DES Cipher Suite</TD> </TR> <TR> <TD>TLS/SSL Server Is Using Commonly Used Prime Numbers</TD> </TR> <TR> <TD>TLS/SSL Server Supports The Use of Static Key Ciphers</TD> </TR> <TR> <TD>TLS/SSL Server is enabling the BEAST attack</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>I suspect therefore the Minemeld may rely on some of the above?</P> <P>&nbsp;</P> <P>Is there anyway i can resolve these vulnerabilities without detrimentally impacting Minemeld?</P> <P>&nbsp;</P> <P>Regards</P> <P>&nbsp;</P> <P>Stu</P> Tue, 21 Apr 2020 10:39:09 GMT Stuart_Walton 2020-04-21T10:39:09Z TLS Vulnerabilities. https://live.paloaltonetworks.com/t5/general-topics/tls-vulnerabilities/m-p/324026#M95681 <P>Hi</P> <P>&nbsp;</P> <P>I am running Minemeld on Ubuntu 16.04</P> <P>&nbsp;</P> <P>The server is starting to show up in Vulnerability Scans depsite updating Ubuntu.</P> <P>&nbsp;</P> <P>This is a list of the Vulnerbilties.</P> <P>&nbsp;</P> <TABLE width="487"> <TBODY> <TR> <TD width="487">TLS Server Supports TLS version 1.0</TD> </TR> <TR> <TD>TLS Server Supports TLS version 1.1</TD> </TR> <TR> <TD>Diffie-Hellman group smaller than 2048 bits</TD> </TR> <TR> <TD>TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)</TD> </TR> <TR> <TD>TLS/SSL Server Supports 3DES Cipher Suite</TD> </TR> <TR> <TD>TLS/SSL Server Is Using Commonly Used Prime Numbers</TD> </TR> <TR> <TD>TLS/SSL Server Supports The Use of Static Key Ciphers</TD> </TR> <TR> <TD>TLS/SSL Server is enabling the BEAST attack</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>I suspect therefore the Minemeld may rely on some of the above?</P> <P>&nbsp;</P> <P>Is there anyway i can resolve these vulnerabilities without detrimentally impacting Minemeld?</P> <P>&nbsp;</P> <P>Regards</P> <P>&nbsp;</P> <P>Stu</P> Tue, 21 Apr 2020 10:39:09 GMT https://live.paloaltonetworks.com/t5/general-topics/tls-vulnerabilities/m-p/324026#M95681 Stuart_Walton 2020-04-21T10:39:09Z Re: TLS Vulnerabilities. https://live.paloaltonetworks.com/t5/general-topics/tls-vulnerabilities/m-p/324029#M95682 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/9112">@Stuart_Walton</a>&nbsp;,</P> <P>all the TLS settings are defined in the nginx config. You can safely change the nginx config to apply your TLS best practices.</P> <P>&nbsp;</P> <P>Luigi</P> Tue, 21 Apr 2020 10:41:41 GMT https://live.paloaltonetworks.com/t5/general-topics/tls-vulnerabilities/m-p/324029#M95682 lmori 2020-04-21T10:41:41Z