Disable weak ciphers for REST API

[stsc_srzc]

Hi everyone!

We got a finding from our Greenbone security scanner that we have a week cipher enabled on port 4443 of our Veeam Backup for Microsoft 365 server. This is the REST API port. We upgraded to 7.0.0.3604 P20230512 but the finding persists.

Is there a way to turn of single ciphers for the REST API service? It would also be helpful to turn of TLS 1.2, SSLv2.


All the best
Stefan

Here is the finding in detail:

Summary
This routine reports all SSL/TLS cipher suites accepted by a service
where attack vectors exists only on HTTPS services.


Detection Result

'Vulnerable' cipher suites accepted by this service via the SSLv3 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

[Polina]

Hi stsc_srzc,

TLS 1.2 is still in use by the product, while all other outdated cipher suites will be removed in the next version. Turning them off in the current version is not possible, I'm afraid.

Thanks!

[Seb.pythoud]

Hi everyone.

Any news on this please ?
We run v7.1.0.1301 and looks like deprecated SSLv3 is still used.

Seb

[Polina]

Hi Seb,

The change is planned for the next major product version (v8).

Thanks!