When I set to "any TLS", and connect to the site with Firefox I says me that: Connection Encrypted (TLS_RSA_WITH_AES_128_CBC_SHA, 128 bit keys, TLS 1.2) which seems correct to me. Can you "reproduce" the error with a tool that run localy so I can test it too? dirk
-------------------------------------------------------------------------------- From: Servers Alive Discussion List [mailto:salive@woodstone.nu] On Behalf Of Stratsianis, Spiros Sent: Thursday, December 15, 2016 6:00 AM To: Servers Alive Discussion List Subject: RE: [SA-list] SA's web server use TLS? We are running 8.1.2762 and the built in web server is set for ‘Any TLS’ (see attached screen shot) But our Nessus scanner came up with the following: Vulnerability: TCP port 4310 plain-ssl (e.g. https, imaps, smtps) supports vulnerable SSLv2 protocol which is susceptible for SSL DROWN attack ToDo: Disable SSLv2 and export grade cryptography cipher suites. Ensure that private keys are not used anywhere with server software that supports SSLv2 Any suggestions? Regards, Spiros From: Servers Alive Discussion List [mailto:salive@woodstone.nu] On Behalf Of Dirk Bulinckx Sent: Wednesday, 16 November 2016 2:05 AM To: Servers Alive Discussion List Subject: RE: [SA-list] SA's web server use TLS? >From build 2758 on you will be able to select the secuirty protocol you want >for the build-in webserver (including TLS 1.2). See http://beta.woodstone.nu (http://beta.woodstone.nu) Please "test" and let me know the result dirk. -------------------------------------------------------------------------------- From: Servers Alive Discussion List [mailto:salive@woodstone.nu (mailto:salive@woodstone.nu)] On Behalf Of Dirk Bulinckx Sent: Tuesday, November 15, 2016 8:40 AM To: Servers Alive Discussion List Subject: RE: [SA-list] SA's web server use TLS? In the current version it's limited to SSL. In the next beta upload we'll change that. dirk; -------------------------------------------------------------------------------- From: Servers Alive Discussion List [mailto:salive@woodstone.nu (mailto:salive@woodstone.nu)] On Behalf Of Stratsianis, Spiros Sent: Tuesday, November 15, 2016 2:00 AM To: Servers Alive Discussion List Subject: [SA-list] SA's web server use TLS? Hi, We are running SA 8.0.2725 and had its inbuilt web server detected as vulnerable as its using SSLv2. Can SA’s web server be configured to use a later version of TLS? Regards, Spiros CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify Siemens Ltd. or Siemens Ltd. (NZ) by return email and delete the document. To unsubscribe send a message with UNSUBSCRIBE in the subject line to salive@woodstone.nu (mailto:salive@woodstone.nu) If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list. No virus found in this message. Checked by AVG - www.avg.com (http://www.avg.com) Version: 2016.0.7859 / Virus Database: 4664/13410 - Release Date: 11/14/16 To unsubscribe send a message with UNSUBSCRIBE in the subject line to salive@woodstone.nu (mailto:salive@woodstone.nu) If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list. No virus found in this message. Checked by AVG - www.avg.com (http://www.avg.com) Version: 2016.0.7859 / Virus Database: 4664/13412 - Release Date: 11/15/16 To unsubscribe send a message with UNSUBSCRIBE in the subject line to salive@woodstone.nu (mailto:salive@woodstone.nu) If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list.CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify Siemens Ltd. or Siemens Ltd. (NZ) by return email and delete the document. To unsubscribe send a message with UNSUBSCRIBE in the subject line to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list. No virus found in this message. Checked by AVG - www.avg.com (http://www.avg.com) Version: 2016.0.7924 / Virus Database: 4739/13594 - Release Date: 12/14/16 To unsubscribe send a message with UNSUBSCRIBE in the subject line to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list.