Getting PCI Compliant have to diable TLS 1.0

Snowtoy
Snowtoy Posts: 15  Freshman Member
edited April 14 in Security
I failed PCI Compliant test they want me to disable  the TLS1.0. I cant seem how to disable this. 
This is what they said I need to do. 

Disable the use of TLSv1.0 protocol in favor of a cryptographically stronger protocol such as TLSv1.2. The following openssl commands can be used to do a manual test: openssl s_client -connect ip:port -tls1 If the test is successful, then the target support TLSv1 

Any help would be gratefully appreciated
Thanks

All Replies

  • Mark_Zyxel
    Mark_Zyxel Posts: 111  Zyxel Employee
    Dear @Snowtoy

    attached a handy document for you 

    if you need help just let me now ;-)

    👾

  • Snowtoy
    Snowtoy Posts: 15  Freshman Member
    Mark thanks for the pdf. My next question would be how do I open a console session with the gateway. Thanks
  • Mark_Zyxel
    Mark_Zyxel Posts: 111  Zyxel Employee
    edited January 2019
    depending on the model and firmware you can acces console trough the webgui its in the top right of the screen.. Its newly introduced in the 4.32 firmware..

    otherwise download putty 
    https://the.earth.li/~sgtatham/putty/latest/w32/putty.exe

    run it on a pc wich is in the local lan of the device 
    fill in the local ip adress off the device and choose SSH

    It will prompt you as follwing click yes



    fill in de admin and password
    and then you have opened the console line interface.. 


    👾

  • lalaland
    lalaland Posts: 50  Ally Member
    You can just connect to USG via ssh access.
    Those CLI can be input there, there is no need to attach serial console.
  • Snowtoy
    Snowtoy Posts: 15  Freshman Member
    I see on the upper right hand corner of the zyxel interface it has CLI button and when I click on it shows a trash can then clear and underneath it shows ### CLI start and then it populates to 1-7 commands. Is this where I would type in the command for disable the TLS 1.0
  • Mark_Zyxel
    Mark_Zyxel Posts: 111  Zyxel Employee
    Dear @Snowtoy
    You should better call us in support monday.. Don't get me wrong but it seems you do not have much experience with our products.. So if you call in we can do this for you and you can learn how to do it next time.. 

    Wich country are you living in? based on that i can provide you with the right phone number.
    Or you PM me your number and i will get in contact with you .. 
     

    👾

  • danyedinak
    danyedinak Posts: 47  Freshman Member
    @Snowtoy
    Are you using a mac or a PC?
  • Snowtoy
    Snowtoy Posts: 15  Freshman Member
    PC with Win 10 Pro and Living in the USA 
Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!