Re: ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3
ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3
We have two ReadyNAS 314 units that host FTPS connections available to the internet. How can we disable TLSv1.0 and SSLv3 as encryption algorithms?
Even though absolutely no credit card data ever passes through these devices or is stored on them, simply having them responding on our network is enough to cause us to fail our PCI compliance scan every time.
TLSv1.0 Supported | Medium | 5.00 | Fail
Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. TLS v1.0 violates PCI DSS and is considered an automatic failing condition.
Insecure Certificate Signature Algorithm in Use, CVE-2004-2761 | Medium | 5.00 | Fail
SSL Certificate Public Key Too Small | Medium | 5.00 | Fail
SSLv3 Supported, CVE-2014-3566 | Medium | 5.00 | Fail
Note to scan customer: SSL v3.0 violates PCI DSS and is considered an automatic failing condition.
All of these conditions are being triggered by the ReadyNAS devices.
Please tell me there is a way to get into the CLI and disable them? If not, we need a new firmware immediately. This is unacceptable.
Re: ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3
Sent you a PM
Re: ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3
Hi,
Did you get this resolved?
Could you also provide what firmware version you were using during the testing?
Re: ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3
What was the resolution of the failed compliance issue? I have the same problem with the FVS318V3 running V3.0_28.
Re: ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3
Hello ray-sprong,
Welcome to the community!
Firmware version V3.0_28 is the fix for critical vulnerability issue (SSL/TLS Authentication GAP issue). If yours is not fixed, try a firmware reflash followed by a factory reset and see if it will resolve it.
Let us know.
thanks,