Hi All,
Recently I have checked the Security Command Center of My Apigee GCP project. I can see some vulnerability observations are reported there. In that something weird reporting is related to GCP load balancer's SSL. Please find the same thing below.
Please share your insights on this issue and recommendations to fix this Weak SSL Policy.
@dchiesa1
severity | finding_class | parent_display_name | category | type | display_name | description |
MEDIUM | MISCONFIGURATION | Security Health Analytics | WEAK_SSL_POLICY | google.compute.TargetHttpsProxy | apigee-proxy-url-map-2-target-proxy | HTTPS and SSL Proxy load balancers use SSL policies to determine the protocol and cipher suites used in the TLS connections established between users and the Internet. These connections encrypt sensitive data to prevent malicious eavesdroppers from accessing it. A weak SSL policy permits clients using outdated versions of TLS to connect with a less secure cipher suite or protocol. For a list of recommended and outdated cipher suites, see https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4.
|
Hello,
For details about SSL policies refer the article;
Which TLS protocol version is being used?
Do you have a supported ciphers list?
$ nmap --script ssl-cert,ssl-enum-ciphers -p 443 your_domain.com
OR
$ openssl s_client -showcerts -servername your_domain.com -connect your_domain.com:443