Solved: Disable TLSv1.0 in NSO

Shantha Kumar Selvaraj · ‎08-21-2017

Hi All,

Is there a way to disable TLSv1.0 in NSO and are here any implications of doing this,Couldn't find setting in ncs.conf,We are hitting Qualys QID 38628(SSL/TLS Server supports TLSv1.0) which is vulnerable.

Thanks

Akira Iwamoto · ‎08-22-2017

Check manual for ncs.conf.

-----

/ncs-config/webui/transport/ssl/protocols (string) [DEFAULT]

Specifies the SSL/TLS protocol versions to be used by the server

as a whitespace-separated list from the set sslv3 tlsv1 tlsv1.1

tlsv1.2, or the word "DEFAULT" (use all supported protocol

versions except sslv3).

-----

To remove sslv3 and tlsv1, the below config would do it.

add <protocols>

-----

<webui>

<ssl>

</ssl>

</transport>

</webui>

-----

View solution in original post

Akira Iwamoto · ‎08-22-2017

Check manual for ncs.conf.

-----

/ncs-config/webui/transport/ssl/protocols (string) [DEFAULT]

Specifies the SSL/TLS protocol versions to be used by the server

as a whitespace-separated list from the set sslv3 tlsv1 tlsv1.1

tlsv1.2, or the word "DEFAULT" (use all supported protocol

versions except sslv3).

-----

To remove sslv3 and tlsv1, the below config would do it.

add <protocols>

-----

<webui>

<ssl>

</ssl>

</transport>

</webui>

-----