GFI Support Home Start a conversation Sign in
Start a conversation
  1. Exinda
  2. GFI - Exinda Network Orchestrator Articles
  3. Articles

Disabling TLS 1.0 and 1.1 in Exinda Firmware Version 7.6.0

Overview

The Exinda appliance running firmware version 7.6.0 was found to support TLS 1.0 and 1.1, which are considered security vulnerabilities. This issue requires manual intervention to disable these protocols by editing Apache configuration files via CLI. The problem is a known vulnerability in version 7.6.0, and a fix is planned for a future firmware update.

Information

Issue: TLS 1.0 and 1.1 detected in Exinda firmware version 7.6.0, posing a security risk.

Affected Version: 7.6.0

Resolution Steps:

  1. Access the Exinda Appliance:
    • SSH into your Exinda appliance.
  2. Enter Privileged Mode:
    • Enter privileged mode and remount the filesystem as read/write:
    • en
_shell
remountrw
  3. Edit Apache Configuration:
    • Edit the Apache configuration template:
    • vi /opt/tms/lib/md/templates/httpd.conf
    • Locate the lines for SSLProtocol and SSLCipherSuite.
    • To disable TLS 1.0 and 1.1, set:
    • SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    • Adjust SSLCipherSuite as needed for your security requirements.
  4. Restart Apache Service:
    • Save the changes and restart the Apache service:
    • cli
pm process httpd restart
  5. Verify Changes:
    • Re-run your vulnerability scan to confirm that TLS 1.0 and 1.1 are no longer detected.

Important Notes:

  • Editing system files is an advanced operation. Ensure you have a backup of your configuration before proceeding.
  • A temporary license key may be required for restricted commands. Contact GFI Exinda Support to obtain one.
  • The issue is a known vulnerability in version 7.6.0, with a fix planned for a future firmware update.

Frequently Asked Questions

How do I know if my Exinda appliance is affected by this TLS issue?
If your vulnerability assessment detects TLS 1.0 and 1.1 on your Exinda appliance running firmware version 7.6.0, you are affected by this issue.
What should I do if I need a temporary license for restricted commands?
Contact GFI Exinda Support with your Host ID and firmware version to request a temporary license key.
When will the fix for this TLS issue be available?
The fix for this TLS issue is planned for a future firmware update. Please monitor upcoming releases for updates.
Can I disable TLS 1.0 and 1.1 through the Exinda GUI?
No, the Exinda firmware does not provide a GUI option to disable TLS 1.0 and 1.1. Manual configuration via CLI is required.
Choose files or drag and drop files
ai_initiated
atlas_studio
kb_automation
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments