Support #10995
[SCP ID :##5413##] : PCI DSS Finding: Usage of insecure TLS/SSL
Status: | Work Completed-End life cycle | Start date: | October 20, 2020 | |
---|---|---|---|---|
Priority: | Normal | Due date: | October 28, 2020 | |
Assignee: | Zahir Abd Latif | % Done: | 100% | |
Category: | System Enhancement | Spent time: | - | |
Target version: | - |
Description
Hi,
Kindly attend below request:-
CDB using TLS/SSL version 1.0.
Recommended version is 1.2.
History
#1 Updated by Nurul Athira Abdul Rahim about 4 years ago
- Assignee changed from Nurul Athira Abdul Rahim to Chun Feng Lim
#2 Updated by Nurul Athira Abdul Rahim about 4 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
#3 Updated by Chun Feng Lim about 4 years ago
- % Done changed from 0 to 10
Collect log on 11/07/2020, IBM provided a few troubleshooting steps. But problem still persist, pending for IBM on further feedback
#4 Updated by Chun Feng Lim about 4 years ago
- Status changed from Development / Work In Progress to Investigation
- % Done changed from 10 to 30
04/08/2020 Attempt to recreate issue at staging and submit ihs.out, access.log, error.log to IBM. In IBM feedback, BSN Web Server configuration has already disable TLSv1.0 & 1.1. Will perform another scanning using SSL Labs (https://www.ssllabs.com/ssltest/analyze.html?d=www.bsnebiz.com.my) in production during 11p.m after service hour for IBM further inspection.
05/08/2020 Submit log generate from 04/08, IBM response that no TLSv1.0 & TLSv1.1 entry found from both of BSN web server.
05/08/2020 Based on scan result of SSL Labs, a few weaker cipher standard was used for TLSv1.0 & TLSv1.1. IBM provided ways to disable these cipher, but didn't resolve the issue.
05/08/2020 IBM also provided ways to capture SSL_PROTOCOL_VERSION (TLS) & CIPHER (HTTPS_CIPHER) on web server. By setting Internet Explorer connect to bsnebiz.com.my using TLSv1.0 and TLSv1.1, but log showing TLSv1.2 was used during the connection. Currently suspect "10.10.91.109" are the device that changed TLS version during redirecting traffice to both BSN IBM Web Server. Already update to Rahmat Aris about "10.10.91.109" and ask for assist on investigating this matter.
#5 Updated by Chun Feng Lim about 4 years ago
BSN Firewall Team will look into it, no feedback from them yet
#6 Updated by Nurul Athira Abdul Rahim almost 4 years ago
Penril have proven websphere and web server is using tls 1.2, but jtm still not updated in their load balancer.
#7 Updated by Nurul Athira Abdul Rahim almost 4 years ago
- % Done changed from 30 to 90
#8 Updated by Norhaidah Md Dasuki almost 4 years ago
- Category set to System Enhancement
#9 Updated by Norhaidah Md Dasuki almost 4 years ago
- Due date set to October 28, 2020
- Start date changed from July 03, 2020 to October 20, 2020
19/10 - Update by JTM need to settle WAF and to verify no outdated tls. Firewall team to complete by 28/10
#10 Updated by Nurul Athira Abdul Rahim over 3 years ago
- Status changed from Investigation to Development / Work In Progress
- % Done changed from 90 to 100
#11 Updated by Nurul Athira Abdul Rahim over 3 years ago
- Status changed from Development / Work In Progress to Work Completed-End life cycle
- Assignee changed from Chun Feng Lim to Zahir Abd Latif