need to fix netbotz vulnerability in 570model

The below vulberabililty need to fi.

• SHA-1-based Signature in TLS/SSL Server X.509 Certificate
• TLS Server Supports TLS version 1.1
• TLS/SSL Server Supports The Use of Static Key Ciphers
• Weak Cryptographic Key

SHA-1-based Signature in TLS/SSL Server X.509 Certificate

Stop Using SHA-1

Configuration remediation steps

Stop using signature algorithms relying on SHA-1, such as "SHA1withRSA", when signing X.509 certificates. Instead, use the SHA-2 family (SHA-224, SHA-256, SHA-384, and SHA-512).

TLS Server Supports TLS version 1.1

Disable insecure TLS/SSL protocol support

Configuration remediation steps

Configure the server to require clients to use TLS version 1.2 using Authenticated Encryption with Associated Data (AEAD) capable ciphers.

TLS/SSL Server Supports The Use of Static Key Ciphers

Disable TLS/SSL support for static key cipher suites

Configuration remediation steps

Configure the server to disable support for static key cipher suites.

For Microsoft IIS web servers, see Microsoft Knowledgebase article 245030 for instructions on disabling static key cipher suites.

The following recommended configuration provides a higher level of security. This configuration is compatible with Firefox 27, Chrome 22, IE 11, Opera 14 and Safari 7. SSLv2, SSLv3, and TLSv1 protocols are not recommended in this configuration. Instead, use TLSv1.1 and TLSv1.2 protocols.

Refer to your server vendor documentation to apply the recommended cipher configuration:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

Weak Cryptographic Key

Use a Stronger Key

Configuration remediation steps

If the weak key is used in an X.509 certificate (for example for an HTTPS server), generate a longer key a

(CID:152077339)