Solved: Re: How to close vulnerability "TSLv1 weak encryption algorithm in FTD".

mumbai.support · ‎03-03-2021

We have found TSLv1 weak encryption algorithm in FTD in audit and they suggest mitigate it with latest TSLv. But in present we can see only TSLv1.2 is available with in FMC, both FMC and FTD version 6.4.0.7.

Is it close once we upgrade it with TSLv1.2 and Does it any impact?

Rob Ingram · ‎03-05-2021

@mumbai.support

Yes it does, if you are using TLS protocol.

Most modern operating systems should support TLS 1.2.

The guide shows you how to make the changes and test.

HTH

View solution in original post

Rob Ingram · ‎03-03-2021

Hi @mumbai.support

You should be fine disabling older versions of TLS and just using TLS 1.2, most modern supported operating systems supports TLS 1.2.

Refer to this guide for more information about TLS on FTD.

Bear in mind if you are using Remote Access VPN and want to use DTLS 1.2 then you need to upgrade to FMC/FTD 6.6.

HTH

mumbai.support · ‎03-05-2021

Hi Rob Ingram,

Thank You...!

If I change it from 1.0 to 1.2 then does it any impact in remote VPN CISCO AnyConnect?

Rob Ingram · ‎03-05-2021

@mumbai.support

Yes it does, if you are using TLS protocol.

Most modern operating systems should support TLS 1.2.

The guide shows you how to make the changes and test.

HTH

SurajS · ‎04-06-2021

Thank You...! It is working.