DCE -Disable SSLv2, v3, TLS 1.0 and 1.1

DCIM_Support · ‎2020-07-03

Preview

Running a vulnerability scan we found the server can fall back into non-secure protocols. It is Data Center Expert ver. 7.4.2

Question

How to disable SSL v2, SSL v3, TLS 1.0 and TLS 1.1? While leaving TLS 1.2 onwards as the only option available.

Also. Non-secure connections should not be permitted.

I found a similar thread but can't find an specific answer: DCO - Vulnerability using Protocol SSL - TLS

DCIM_Support · ‎2020-07-03

Hi Roberto,

There is no place in the UI where you can configure this at this time. Additionally, some older APC devices / firmwares may require the older versions of TLS and disabling that would cause communications to cease with those older devices. I will be sure to let engineering know of your concern and perhaps an enhancement request could make it to DCE but I can not promise.

Steve.

See Answer In Context

DCIM_Support · ‎2020-07-03

Hi Roberto,

There is no place in the UI where you can configure this at this time. Additionally, some older APC devices / firmwares may require the older versions of TLS and disabling that would cause communications to cease with those older devices. I will be sure to let engineering know of your concern and perhaps an enhancement request could make it to DCE but I can not promise.

Steve.

DCIM_Support · ‎2020-07-03

Understood, thanks Steven M.

DCIM_Support · ‎2020-07-03

I am currently at Data Center Expert 7.2.2 , what version do I need to upgrade to in order to enable TLS 1.2 ? -Thanks

DCIM_Support · ‎2020-07-03

Hi,

I upgraded to 7.6.0 and run another scan. we are still failing because of TLSv1. when trying to disable it under System-> Server access I get "the currently displayed page contains invalid values" error message.

does anyone know how I could disable TLSv1?

DCIM_Support · ‎2020-07-03

Bump

DCIM_Support · ‎2020-07-03

Hello All,

Starting with Data Center Expert version 7.5.0 you can now disable select version of SSL/TLS. Below is the section from the release notes for v7.5.0:

SSL protocol selection

You can now select the allowed SSL protocols for the web server and private proxy in the System> Administration Settings > Server Access option. You can select multiple TLS and SSL protocol versions for the web server. You can select only one protocol for the private proxy.

Kind Regards,

Cory

FYI: Roberto Pereira, shirin, John Smith, & stephen bryant

DCIM_Support · ‎2020-07-03

Thanks!

DCIM_Support · ‎2020-07-03

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.