We have removed SSLv3 in ADSP version 9.4.0-11 release which is a Bug Fix.
However, for the system to use TLS 1.2 – this needs to happen on both sides (both WING AND ADSP)
– the sensor (use WING version 5.8.3 or higher) and ADSP appliance (use 9.4.0-11).
Just upgrading one or the other will not result in TLS 1.2.
IMPORTANT NOTE as per ADSP V 9.3.0-09 AND ABOVE Release Notes:
With ADSP 9.3.0 SSLv3 communication for sensor to server communication can be turned off completely. For all other communication (e.g. UI/ Toolkit etc.) SSLv3 was disabled in previous releases. By default SSLv3 communication is left enabled in ADSP 9.3 to permit communication with legacy sensors. To disable the SSLv3 communication please follow the steps below. Also, note that WiNG 5.8.3 or higher firmware must be used on sensors when SSLv3 is turned off as those releases support TLS v1.2
This should resolve the vulnerability scan problem.
- Login to ADSP with smxmgr credentials
- Select the “Config option” (type C)
- At the end of the menu options, it will show “(SSLv3) Enable/Disable SSLv3 for Sensor-Server Communication”
- Type “SSLv3”
- The system will display current status of SSLv3 in the system. If it is currently disabled, it will allow the user to enable it.
- Type E to enable/ D to disable
- Type Q to quit
- System will now warn that ADSP services will need to restart.
- Type Yes to continue.
- Once you exit of the WIPSadmin login, the ADSP service will be restarted