Skip to Main Content
Cumulocity IoT Feedback Portal
Status Added/Resolved 🎉
Created by Guest
Created on Dec 23, 2019

Support of weak SSL/TLS encryption protocol - Security Risk


The Web server supports the use of encryption protocols inferior to TLS1.2. Security vulnerabilities have
been identified in these versions and / or they are no longer compliant with the PCI-DSS standard. The
following table presents the vulnerable services.

Service: 443/tcp
Weak protocols: TLS1.0

Using a weak version of the SSL and TLS protocols could allow a remote attacker to cryptographically
attack and decrypt communications between a client and the Web server. However, it is important to
mention that the exploitation of this vulnerability requires a very high level of expertise, like most
cryptographic vulnerabilities.
Modify the Web server configuration to support only TLS 1.2 and higher protocols. We invite you to refer
to the documentation relating to the configuration of the server used as well as the references presented
below in order to obtain the procedure to correct the vulnerability.

 Qualys SSL Labs - SSL/TLS Deployment Best Practices
 Digicert - Deprecating TLS 1.0 & TLS 1.1

  • Attach files
  • Admin
    Nikolaus Neuerburg
    Jan 16, 2020

    We plan to disable the support for TLS 1.0 for our public cloud instances by mid of the year. Pelase also refer to the announcment on TechCommunity: