NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

UPP_Ronnie's avatar
UPP_Ronnie
Tutor
Dec 01, 2020

is disabling SSL2 + 3 possible on GS752TPv2

Hi all,

 

Is it possible to disable SSL2 and 3 on GS752TPv2??We have a Nessus vulnerability scan highlighting that this switch is using unsecure SSL version.

 

Thx

Ronnie

5 Replies

  • schumaku's avatar
    schumaku
    Guru
    Dec 01, 2020

    True, and asked several times recently. As log as no https connection is established using SSL2 or 3 (decent browsers won't use it), there is no risk for exposing data. So no rush...

    • UPP_Ronnie's avatar
      UPP_Ronnie
      Tutor
      Dec 01, 2020

      True that clients would try highest protocol and crypto first but i guess someone wanting to exploit ssl2 and 3 vulnerability would find a way to force that protocol.

      But i take it is not possible?

      • schumaku's avatar
        schumaku
        Guru
        Dec 01, 2020

        Sure one could force the protocol to be used on the client side, then e.g. login, while capturing the data transferred - what require again physical access to the data path. So how real is that in your environment? Do you access the switch using https in plain connection mode (off a VPN) over the wild Internet or an uncontrolled connection?

         

        Look, I don't deny these obsolete stuff must be removed (not just disabled)...  YeZ please, what is the status for updating al the maintained switches supporting https?

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More