How to harden iGEL ICG on Debian 9?

Hey Guys, we ran a vuln scan on the ICG server and came back with these items to remediate.

Learn more, read the entire thread inside the IGEL Community o Slack

Anyone know how to get this remediated on Debian 9

SSL Server Supports Weak Encryption Vulnerability

Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

Hey, which ICG Version are you using?

This may help:

ICG Version: 2.01.130

Thanks will try this

How to disable all but TLS 1.2 ? Scan keeps coming back the same

This is what I have

With that configuration it should be using 1.2 only – did you restart the service?

yes , systemctl restart `icg-server.service`

your scan may be calling out specific cipher suites then – I would recommend opening a ticket and including your ICG version, your Debian version, and further information about those remediation items (which SSL/TLS versions and cipher suites are considered weak)

Thank you

Continue reading and comment on the thread ‘How to harden iGEL ICG on Debian 9?’.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base

Ask a question or comment on the above message thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!

Popular Message Threads

Categories & Tags: