cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

ACS 5.3.40 is there patch available to support TLS 1.1 and 1.2 regarding SSL termination?

Hi,

We are trying to reduce our susceptibility to SSL BEAST information disclosure vulnerability regarding our ACS 5.3.40 system.

It's been suggested that we consider some  defensive measures such as cipher suite selection.
Wherever possible, we should ensure that servers and clients that support TLS/SSL are configured to support TLS versions 1.1 and 1.2, not just SSLv3 and TLSv1.0 which is often the default configuration.

Can you advise how this is done within the ACS 5.3.40 application? Is it just a case of patching to another level?

(Default SSLv3 and TLSv1.0 defaults are not deemed strong enough).

Thanks.

 
Who Me Too'd this topic