Hey Guys, we ran a vuln scan on the ICG server and came back with these items to remediate.
Anyone know how to get this remediated on Debian 9
SSL Server Supports Weak Encryption Vulnerability
Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)
Hey, which ICG Version are you using?
This may help: kb.igel.com/igelicg-2.01/en/how-to-configure-apache-tomcat-for-tls-1-2-only-19181648.html
ICG Version: 2.01.130
Thanks will try this
How to disable all but TLS 1.2 ? Scan keeps coming back the same
This is what I have
With that configuration it should be using 1.2 only – did you restart the service?
yes , systemctl restart `icg-server.service`
your scan may be calling out specific cipher suites then – I would recommend opening a ticket and including your ICG version, your Debian version, and further information about those remediation items (which SSL/TLS versions and cipher suites are considered weak)
Thank you
Continue reading and comment on the thread ‘How to harden iGEL ICG on Debian 9?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!
Popular Message Threads
- Error “AM_ERROR_AUTH_NETWORK_ERROR [65275]” adding store in Citrix Workspace App version 20.x on IGEL OS 11.04
- How to Install IGEL OS via a Bootable USB Drive
- How to change the default IGEL UMS admin password?
- Receiving error: “Citrix Receiver cannot create a secure connection in this browser” when launching a secure connection from Firefox on IGEL OS
- What distro of Linux the IGEL kernel is based on?
- IGEL UD3 (LX50) randomly get this error with Citrix: The X Request 130.1 caused error :”10: BadAccess ( attempt to access private resource denied) any ideas?
- Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS?