How can I disable SSLv3 for ICA?


#1

After doing a vulnerability scan on my Incontrol Appliance we have discovered we are still running SSLv3. Can someone tell me where I can change that setting in my appliance?

Thanks!
Heidi


#2

@hklossner

Do you have more info to share for your ICA ?

  1. What is the firmware version that currently running for your ICA ?

  2. Would you able share us the vulnerability scan result ?


#4

Software version 2.7.3.2


#7

I just downloaded and installed Nessus 8.1.2. When I scan an ICA with it with all plugins enabled (including the 20007), I don’t see the reported issue:

(the above warnings are just for the default self-signed cert only.)

So SSLv3 should not be enabled.

The provided Nessus screenshot looks quite different from ours. You may want to scan again with the latest Nessus release. Also, make sure you are scanning the ICVA directly instead of an SSL proxy sitting in the front of it.


#8

After rescanning this morning using version
8.1.1 the results for the scan on the management port are the same. I can provide the full scan to support for guidance on clearing this up in a PM if that would help!

Thanks!

Heidi


#9

Please follow the first answer in this article and test your ICVA using the openssl command:

openssl s_client -connect example.com:443 -ssl3

In my tests to our local ICVA’s, an error is also returned and an SSL connection could not establish (i.e. SSLv3 is not enabled). If it can establish with your ICVA, it shall print out a large piece of handshake message. Please capture it and PM to me.