This question was originally posted on DCIM Support by juice on 2018-07-05
Our StruxureWare Portal server has been identified as a Security risk to the business. See below Vulnerability errors from our Security Team:
TLS/SSL RC4 Cipher Suites Information Disclosure Vulnerability [FID 18179]
SSL/TLS Protocol Triple-DES Information Disclosure Vulnerability [FID 20465]
SSLv3 Information Disclosure Vulnerability [FID 17281]
Web Server Supports Outdated SSLv2 Protocol [FID 1858]
With the exception of error " Web Server Supports Outdated SSLv2 Protocol [FID 1858]" McAfee recommends to disable the TLS/SSL protocol.
Please advise what is the impact should we proceed to disable these protocols.
Portal version - 1.3.5
This answer was originally posted on DCIM Support by Jef Faridi on 2018-07-09
I was wondering perhaps restricting the ssl protocol to TLS 1.2 (sslProtocol="TLSv1.2") could be an option to try out. Following page describes how to enable/configure ssl in Portal: Enable SSL in StruxureWare Portal
However Portal is based on Liferay 6 (currently no plans for update) so I won't be surprised if it doesn't pass the vulnerability scans.
This comment was originally posted on DCIM Support by juice on 2018-07-11
Thank you Jeff... very much appreciated.
I wil have to raise this at our change management.
Once again thank you for your assistance
This comment was originally posted on DCIM Support by Jef Faridi on 2018-07-11
You are most welcome, Juice
Discuss challenges in energy and automation with 30,000+ experts and peers.
Find answers in 10,000+ support articles to help solve your product and business challenges.
Find peer based solutions to your questions. Provide answers for fellow community members!