Hi,
We have Solarwinds server and application monitor set-up on Windows 2008 R2 server. Our companies security vulnerability scanner is reporting the following High alert for port 443, which is port Solarwinds uses. Were trying to determine if this is related to Solarwinds configuration or some other server setup issue not related to Solarwinds? The system is up to date on patches. Any help would be appreciated..
[high] [443/tcp/www] TLS Version 1.2 Protocol Not Enabled
TLS v1.2 is not enabled on this port.
CVE#:
Summary:
The remote service encrypts communications but does not have TLS 1.2 enabled.
Details:
TLSv1.2 is not currently enabled on a service that currently supports SSL/TLS traffic. Due to recent security concerns with encrypted protocols, device and application owners are advised to ensure that their systems and applications support version 1.2 in preparation for future efforts to eliminate use of TLSv1.0 and v1.1.
Fix:
Enable TLSv1.2.
Because every application/service handles this differently, it is advised to consult product documentation or support personnel. In many cases, the product may not yet even support v1.2, in which case it is advised to open a defect/problem ticket with product support.
As with most configuration changes, restart the service to make sure the change takes effect.
Thanks