Environment
dormakabastaging.us.cumulocity.com
Description
The Web server supports the use of encryption protocols inferior to TLS 1.2. Security vulnerabilities have
been identified in these versions and/or they are no longer compliant with the PCI-DSS standard. The
following table presents the vulnerable services.
Host: dormakabastaging.us.cumulocity.com
Service: 443/tcp
Weak protocols: TLS 1.0
Using a weak version of the SSL and TLS protocols could allow a remote attacker to cryptographically
attack and decrypt communications between a client and the Web server. However, it is important to
mention that the exploitation of this vulnerability requires a very high level of expertise, like most
cryptographic vulnerabilities.
Recommendation
Modify the Web server configuration to support only TLS 1.2 and higher protocols. We invite you to refer
to the documentation relating to the configuration of the server used as well as the references presented
below in order to obtain the procedure to correct the vulnerability.
References
Qualys SSL Labs - SSL/TLS Deployment Best Practices
https://www.ssllabs.com/projects/best-practices/
Digicert - Deprecating TLS 1.0 & TLS 1.1
https://www.digicert.com/blog/depreciating-tls-1-0-and-1-1/
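Added example, not part of the original report or of the vendor's tooling: a Python check that offers the server one protocol version at a time, so the finding can be re-tested after the configuration change. The function names are illustrative, and the host to test is passed on the command line.

```python
import socket
import ssl
import sys

VERSIONS = [ssl.TLSVersion[n] for n in ("TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3")]
FLOOR = ssl.TLSVersion.TLSv1_2  # minimum version the recommendation asks for

def pinned_context(version):
    """Client context able to negotiate exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # protocol probe only; the certificate
    ctx.verify_mode = ssl.CERT_NONE  # is not what is being checked here
    ctx.minimum_version = version    # Python may emit a DeprecationWarning
    ctx.maximum_version = version    # for TLS 1.0/1.1; it is harmless here
    if version < FLOOR:  # default OpenSSL security level blocks TLS 1.0/1.1
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    return ctx

def probe(host, port, version, timeout=5.0):
    """Return 'accepted', 'rejected', 'unreachable' or 'client-unsupported'."""
    try:
        ctx = pinned_context(version)
    except (ValueError, ssl.SSLError):  # local OpenSSL lacks this version
        return "client-unsupported"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "accepted"
    except OSError:  # ssl.SSLError, resets and timeouts during the handshake
        return "rejected"
    finally:
        raw.close()

def audit(host, port=443):
    return {v.name: probe(host, port, v) for v in VERSIONS}

def below_floor(results):
    """Names of accepted protocol versions older than the TLS 1.2 floor."""
    return [name for name, outcome in results.items()
            if outcome == "accepted" and ssl.TLSVersion[name] < FLOOR]

if __name__ == "__main__":
    # No argument: use a constructed result shaped like the finding above.
    demo = {"TLSv1": "accepted", "TLSv1_1": "rejected", "TLSv1_2": "accepted"}
    results = audit(sys.argv[1]) if len(sys.argv) > 1 else demo
    sys.exit(f"below TLS 1.2: {below_floor(results)}" if below_floor(results) else 0)
```

A "rejected" result for TLS 1.0 is only meaningful if the local OpenSSL build can still speak that version, so confirm a clean result with a second scanner such as the SSL Labs test referenced above.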
We plan to disable the support for TLS 1.0 for our public cloud instances by mid of the year. Please also refer to the announcement on TechCommunity: http://tech.forums.softwareag.com/techjforum/posts/list/70027.page