NetApp Knowledge Base

TLS vulnerability reported in security scan even though the specified TLS version is disabled

Applies to

  • ONTAP 9
  • Transport Layer Security (TLS)
  • Qualys ID 38794

Issue

  • A security scan report flags an IP address in the cluster as vulnerable, stating that an older TLS version is enabled:

vulnerability(ies): Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server Supports Transport Layer Security (TLSv1.1)

  • However, the cluster's own configuration does not list that TLS version among its supported protocols:

Cluster::> set advanced
Cluster::*> security config show -fields supported-protocols
interface supported-protocols
--------- -------------------
SSL       TLSv1.2, TLSv1.3

  • The nmap output for the affected IP from a Linux host lists the ciphers for the older TLS version:

Linux@Host# nmap -sV --script ssl-enum-ciphers.nse -p 443 10.XX.XX.XXX

Starting Nmap 5.51 ( http://nmap.org ) at 2023-05-17 09:12 PDT
Nmap scan report for user.group.com (10.XX.XX.XXX)
Host is up (0.0011s latency).
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Apache httpd
| ssl-enum-ciphers: 
|   TLSv1.1
|     Ciphers (4)
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.2
|     Ciphers (12)
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|       .......
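
A cross-check of the two outputs above, as an added example (not NetApp's code): it parses `security config show` and `ssl-enum-ciphers` text and reports each protocol the scan observed that the cluster configuration does not list. The sample inputs are constructed and abbreviated from the outputs on this page, and the function names are illustrative.

```python
import re

# Constructed, abbreviated samples shaped like the outputs shown on this page.
CLUSTER_OUTPUT = """\
interface supported-protocols
--------- -------------------
SSL       TLSv1.2, TLSv1.3
"""

NMAP_OUTPUT = """\
| ssl-enum-ciphers: 
|   TLSv1.1
|     Ciphers (2)
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|   TLSv1.2
|     Ciphers (1)
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
"""

PROTO = re.compile(r"SSLv\d|TLSv\d(?:\.\d)?")

def configured_protocols(text):
    """Protocols in the supported-protocols column of the 'SSL' interface row."""
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0] == "SSL":
            return set(PROTO.findall(fields[1]))
    return set()

def scanned_ciphers(text):
    """Map each protocol heading in ssl-enum-ciphers output to its cipher names."""
    result, current = {}, None
    for line in text.splitlines():
        body = line.lstrip("|_ ").strip()
        # First token only: newer Nmap versions append ':' or a strength grade.
        head = body.split()[0].rstrip(":") if body else ""
        if PROTO.fullmatch(head):
            current = result.setdefault(head, [])
        elif current is not None and head.startswith(("TLS_", "SSL_")):
            current.append(head)
    return result

def mismatch(cluster_text, nmap_text):
    """Protocols the scan observed that the cluster configuration does not list."""
    allowed = configured_protocols(cluster_text)
    return {p: c for p, c in scanned_ciphers(nmap_text).items() if p not in allowed}

if __name__ == "__main__":
    print(mismatch(CLUSTER_OUTPUT, NMAP_OUTPUT))
```
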

 

 
