This is an external scan. We forward ports such as 443 and 22 to specific Ubuntu machines. But both sshd and apache have been configured to accept only TLS1.2
Port 443 must be open to support the web server in our DMZ, and we need ssh to connect to each machine for administration purposes. (if there is a better way, I do not know what it is or how to do it --I am a programmer tasked with setting this up, so network and system administration is new to me - I am out of my area of expertise here). Thanks Ted On Fri, Jul 24, 2015 at 5:25 PM, Steve Yates <[email protected]> wrote: > Ted Byers wrote on Fri, Jul 24 2015 at 3:51 pm: > > > First, the scanner complains that TLS1 is supported and we need to > restrict > > it to TLS1.2. > > > Second, it appears that ssh-server on pfsense is version 6.6 > > Is this an internal scan or external? Hopefully those aren't > exposed externally. If internal, can access be limited to certain IPs? > > This probably isn't the forum to discuss, but the TLS 1.0 one is a > fun one...that will catch Remote Desktop Services, and Vista and below > don't support TLS 1.1+ period, and Windows 7 with IE10 or earlier don't > have TLS 1.1+ enabled by default. > > -- > > Steve Yates > ITS, Inc. > > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- R.E.(Ted) Byers, Ph.D.,Ed.D. [email protected] _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
