How to fix WEAK_SSL_POLICY vulnerabilities reported by Security Command Center GCP

Hi All,

Recently I checked the Security Command Center of my Apigee GCP project. I can see some vulnerability observations are reported there. Among them, something weird is reported related to the GCP load balancer's SSL. Please find it below.

Please share your insights on this issue and recommendations to fix this Weak SSL Policy.
@dchiesa1 

 

severity: MEDIUM
finding_class: MISCONFIGURATION
parent_display_name: Security Health Analytics
category: WEAK_SSL_POLICY
type: google.compute.TargetHttpsProxy
display_name: apigee-proxy-url-map-2-target-proxy
description: HTTPS and SSL Proxy load balancers use SSL policies to determine the protocol and cipher suites used in the TLS connections established between users and the Internet. These connections encrypt sensitive data to prevent malicious eavesdroppers from accessing it. A weak SSL policy permits clients using outdated versions of TLS to connect with a less secure cipher suite or protocol. For a list of recommended and outdated cipher suites, see https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4.

 

 

 

1 REPLY

Hello,

 

For details about SSL policies, refer to the article.

Which TLS protocol version is being used? 

Do you have a supported ciphers list?

 

$ nmap --script ssl-cert,ssl-enum-ciphers -p 443 your_domain.com

OR

$ openssl s_client -showcerts -servername your_domain.com -connect your_domain.com:443
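
Added example, not part of the original thread or of any Google tooling: a small Python parser for the output of the `nmap --script ssl-enum-ciphers` command shown in the reply. It lists the outdated protocol versions and lower-graded cipher suites that the finding's description refers to. The sample output is constructed, and the TLS 1.2 floor and the "grade A only" threshold are assumptions to adjust to your own policy.

```python
import re

# Constructed sample of ssl-enum-ciphers output (not from a real host).
SAMPLE = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|_  least strength: C
"""

PROTO_RE = re.compile(r"^[|_ ]+((?:SSLv|TLSv)\d(?:\.\d)?):\s*$")
CIPHER_RE = re.compile(r"^[|_ ]+(TLS_\S+)(?: \(.*?\))? - ([A-F])\s*$")
# Assumption: TLS 1.2 is the minimum version, grade A the minimum cipher grade.
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}


def parse_enum_ciphers(text):
    """Return {protocol: [(cipher, grade), ...]} from ssl-enum-ciphers output."""
    offered, current = {}, None
    for line in text.splitlines():
        m = PROTO_RE.match(line)
        if m:
            current = m.group(1)
            offered[current] = []
            continue
        m = CIPHER_RE.match(line)
        if m and current:
            offered[current].append((m.group(1), m.group(2)))
    return offered


def weak_findings(offered):
    """List outdated protocols and below-A ciphers the endpoint accepts."""
    findings = []
    for proto, ciphers in offered.items():
        if proto in OLD_PROTOCOLS:
            findings.append(f"outdated protocol offered: {proto}")
        findings += [f"{proto}: {c} graded {g}" for c, g in ciphers if g != "A"]
    return findings

if __name__ == "__main__":
    print("\n".join(weak_findings(parse_enum_ciphers(SAMPLE))))
```

An empty result after an SSL policy change means the endpoint no longer offers anything below the assumed thresholds.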