Operational Defect Database

BugZero found this defect 951 days ago.

WatchGuard Technologies | kA16S000000SNJaSAO

Network security scan shows TLS 1.0/TLS 1.1 connections allowed to AuthPoint Gateway service ports

Last update date:

10/13/2021

Affected products:

AuthPoint

Affected releases:

All

AuthPoint

Fixed releases:

All

Description:

Issue

The AuthPoint Gateway uses TCP ports 9000-9003 for communication between the different AuthPoint Gateway components. Network security scans might detect these service ports as insecure because they allow TLS 1.0 or TLS 1.1 connections.

Workaround/Solution

Protocols and ciphers allowed by the AuthPoint Gateway come from Java. Most versions of Java 8 and Java 11 allow TLS 1.0 and TLS 1.1 by default. You can disable support for TLS 1.0/TLS 1.1 in the JRE.

To disable support for TLS 1.0/TLS 1.1 in Java:

1. Find the java.security configuration file. Based on which version of Java is installed, this file will be in one of these locations:

   Java 8: %JAVA_HOME%/jre/lib/security/java.security
   Java 11: %JAVA_HOME%/conf/security/java.security

2. Open the java.security file, and locate the jdk.tls.disabledAlgorithms line.

3. Add TLSv1 and TLSv1.1 to the comma-separated list of values.

   Before:
   jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
       DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL

   After:
   jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
       DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL

4. After you update and save the java.security file, restart the AuthPoint Gateway services so that the change takes effect.
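To confirm the edit took, the following added example (not WatchGuard's or BugZero's code) parses a java.security file, joins backslash-continued lines, and reports which of TLSv1 and TLSv1.1 are still missing from jdk.tls.disabledAlgorithms. The function names and the embedded sample text are constructed for illustration, and the parser assumes the `key=value` form shown in the article.

```python
REQUIRED = ("TLSv1", "TLSv1.1")  # protocol names the article adds

# Constructed sample files mirroring the article's Before/After lines.
BEFORE = (
    "# constructed sample\n"
    "jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\\n"
    "    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL\n"
)
AFTER = BEFORE.replace("SSLv3, ", "SSLv3, TLSv1, TLSv1.1, ")


def read_property(text, key):
    """Return the last uncommented value of `key`, joining '\\' continuations."""
    value = None
    lines = iter(text.splitlines())
    for line in lines:
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":
            continue  # blank line or comment: a commented-out setting is inert
        # Join physical lines while the logical line ends in a backslash.
        while stripped.endswith("\\"):
            stripped = stripped[:-1] + next(lines, "").strip()
        name, sep, rest = stripped.partition("=")
        if sep and name.strip() == key:
            value = rest.strip()  # a later definition overrides an earlier one
    return value


def missing_tls_entries(text):
    """Return the required protocol names absent from jdk.tls.disabledAlgorithms."""
    value = read_property(text, "jdk.tls.disabledAlgorithms") or ""
    # Compare whole entries: a substring test would let TLSv1.1 satisfy TLSv1.
    entries = {e.strip() for e in value.split(",") if e.strip()}
    return [p for p in REQUIRED if p not in entries]


if __name__ == "__main__":
    import sys
    # Pass the path to java.security; with no argument, check the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            print("missing:", missing_tls_entries(fh.read()))
    else:
        print("before:", missing_tls_entries(BEFORE))
        print("after: ", missing_tls_entries(AFTER))
```

An empty result means both protocol names are present in the active setting; the Gateway services still need the restart from the last step before a rescan reflects it.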


Status

Open
