Reply

is disabling SSL2 + 3 possible on GS752TPv2

UPP_Ronnie
Luminary

is disabling SSL2 + 3 possible on GS752TPv2

Hi all,

 

Is it possible to disable SSL2 and 3 on GS752TPv2??We have a Nessus vulnerability scan highlighting that this switch is using unsecure SSL version.

 

Thx

Ronnie

Model: GS752TPv2|48-Port Gigabit Ethernet PoE+ Smart Managed Pro Switch with 4 SFP Ports (380W)
Message 1 of 6
schumaku
Guru

Re: is disabling SSL2 + 3 possible on GS752TPv2

True, and asked several times recently. As log as no https connection is established using SSL2 or 3 (decent browsers won't use it), there is no risk for exposing data. So no rush...

Message 2 of 6
UPP_Ronnie
Luminary

Re: is disabling SSL2 + 3 possible on GS752TPv2

True that clients would try highest protocol and crypto first but i guess someone wanting to exploit ssl2 and 3 vulnerability would find a way to force that protocol.

But i take it is not possible?

Message 3 of 6
schumaku
Guru

Re: is disabling SSL2 + 3 possible on GS752TPv2

Sure one could force the protocol to be used on the client side, then e.g. login, while capturing the data transferred - what require again physical access to the data path. So how real is that in your environment? Do you access the switch using https in plain connection mode (off a VPN) over the wild Internet or an uncontrolled connection?

 

Look, I don't deny these obsolete stuff must be removed (not just disabled)...  @YeZ please, what is the status for updating al the maintained switches supporting https?

Message 4 of 6
UPP_Ronnie
Luminary

Re: is disabling SSL2 + 3 possible on GS752TPv2

We dont access this off network. we only access this from the local site or via the VPLS network.

Message 5 of 6
schumaku
Guru

Re: is disabling SSL2 + 3 possible on GS752TPv2

So you have the answer for the scan or audit result - it's not green (Netgear has to change this....), but it's acceptable until remediation is available.

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 584 views
  • 1 kudo
  • 2 in conversation
Announcements