Hi everyone!
We got a finding from our Greenbone security scanner that we have a weak cipher enabled on port 4443 of our Veeam Backup for Microsoft 365 server. This is the REST API port. We upgraded to 7.0.0.3604 P20230512 but the finding persists.
Is there a way to turn off single ciphers for the REST API service? It would also be helpful to turn off TLS 1.2, SSLv2.
All the best
Stefan
Here is the finding in detail:
Summary
This routine reports all SSL/TLS cipher suites accepted by a service
where attack vectors exists only on HTTPS services.
Detection Result
'Vulnerable' cipher suites accepted by this service via the SSLv3 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
- Influencer
- Posts: 23
- Liked: 2 times
- Joined: Feb 21, 2013 11:53 am
- Veeam Software
- Posts: 3270
- Liked: 791 times
- Joined: Oct 21, 2011 11:22 am
- Full Name: Polina Vasileva
Re: Disable weak ciphers for REST API
Hi stsc_srzc,
TLS 1.2 is still in use by the product, while all other outdated cipher suites will be removed in the next version. Turning them off in the current version is not possible, I'm afraid.
Thanks!
- Service Provider
- Posts: 16
- Liked: never
- Joined: Dec 19, 2017 7:48 pm
- Full Name: S.Pythoud
- Location: Switzerland
Re: Disable weak ciphers for REST API
Hi everyone.
Any news on this, please?
We run v7.1.0.1301 and it looks like deprecated SSLv3 is still used.
Seb
- Veeam Software
- Posts: 3270
- Liked: 791 times
- Joined: Oct 21, 2011 11:22 am
- Full Name: Polina Vasileva
Re: Disable weak ciphers for REST API
Hi Seb,
The change is planned for the next major product version (v8).
Thanks!
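To re-check the finding on your own server after an upgrade without waiting for the next scan, the following added example (not part of the thread and not Veeam or Greenbone code) sends a minimal ClientHello that offers only TLS_RSA_WITH_3DES_EDE_CBC_SHA for each protocol version listed in the report and classifies the first record returned. The host is taken from the command line; port 4443 is the REST API port from the original post, and the function names are this example's own.

```python
import os
import socket
import struct
import sys

TDES = 0x000A  # TLS_RSA_WITH_3DES_EDE_CBC_SHA, the suite named in the finding
VERSIONS = {"SSLv3": 0x0300, "TLSv1.0": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}

def client_hello(version, suites=(TDES,)):
    """Build a minimal ClientHello record offering only `suites` (no extensions)."""
    ciphers = b"".join(struct.pack("!H", s) for s in suites)
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"      # empty session id
            + struct.pack("!H", len(ciphers)) + ciphers + b"\x01\x00")  # null compression
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body       # 24-bit length
    record_version = min(version, 0x0301)
    return b"\x16" + struct.pack("!HH", record_version, len(handshake)) + handshake

def parse_reply(data):
    """Classify the first record the server sends back."""
    if len(data) >= 7 and data[0] == 0x15:                       # alert: level, description
        return ("rejected", data[6])
    if len(data) >= 44 and data[0] == 0x16 and data[5] == 0x02:  # ServerHello
        off = 44 + data[43]                                      # skip the session id
        if len(data) >= off + 2:
            return ("accepted", struct.unpack("!H", data[off:off + 2])[0])
    return ("unknown", None)

def probe(host, port, version, timeout=5.0):
    """Send the 3DES-only hello and read one full record of the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(client_hello(version))
            data = b""
            while len(data) < 5 or len(data) < 5 + struct.unpack("!H", data[3:5])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
            return parse_reply(data)
    except OSError:
        return ("no_reply", None)  # refused, reset or timed out

if __name__ == "__main__":
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 4443
    for name, ver in VERSIONS.items():
        print(name, probe(host, port, ver))
```

An `("accepted", 10)` result for a protocol version means the server still negotiates the 3DES suite there; `rejected` carries the TLS alert description code the server returned.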