BigFix is firing to use TLS 1.0, which needs to be disabled

Hello Everyone
Good Day !
My environment is on 9.5.11 and we have recently witnessed an issue during compliance scanning.
As per the compliance team, BigFix is firing to use TLS 1.0, and as per compliance it needs to be disabled and only TLS 1.1 and TLS 1.2 should be enabled. Below is the error. Kindly share your inputs in fixing the issue.

You will need to turn on the enhanced security option in your BigFix Environment, which enables the TLS 1.2 communication among the BigFix components.

Take a look at the following link:

https://www.ibm.com/support/knowledgecenter/en/SSQL82_9.5.0/com.ibm.bigfix.doc/Platform/Installation/c_scenarios_sha2_installation.html

Be aware of the performance implications and the notes in the documentation.

@fermt Thank you for your reply. Enabling the Enhanced Security Option fixed the vulnerability on port 52311; however, the vulnerability on port 8083 is still on… Could you please help me out in fixing the same.
I have disabled TLS 1.0 in IE and in the Registry, but it is still showing that port 8083 is using TLS 1.0.
I have also added _Webreports_HTTPServer_RequireTLS12 and enabled the setting, but the issue is still the same. You can see the error for port 8083 in the above screenshot.

You need to check which application is using port 8083. Open CMD and run netstat -aon | findstr <port_number>, then check which PID is using it. Then open Task Manager to see which particular service is using the PID associated with that port number. Once the application is identified, look for the particular setting to change it to TLS 1.2… In my experience, we have a TRC that is using the port and showing the vulnerability alert for TLS 1.0. Then we just changed it to TLS 1.2 to fix it.
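
The port-to-process lookup from the reply above, followed by a check of which TLS versions the port accepts, as an added PowerShell example that is not part of the original posts. It assumes an elevated session on the server itself (Windows Server 2012 or later for `Get-NetTCPConnection`); `Test-TlsVersion` and `$TargetHost` are hypothetical names chosen for this example.

```powershell
param(
    [int]$Port = 8083,                  # port discussed in the thread
    [string]$TargetHost = 'localhost'   # assumption: script runs on the server
)

# Hypothetical helper: attempt a handshake restricted to one protocol version.
function Test-TlsVersion {
    param([string]$Server, [int]$Port,
          [System.Security.Authentication.SslProtocols]$Protocol)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        # Accept any certificate: only protocol negotiation is tested here.
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false,
            [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
        $ssl.AuthenticateAsClient($Server, $null, $Protocol, $false)
        return $true
    } catch {
        return $false    # connection refused or handshake rejected
    } finally {
        $client.Dispose()
    }
}

# 1. Map the listening socket to its owning PID (same data as netstat -aon).
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) { Write-Warning "Nothing is listening on TCP $Port"; return }

# 2. Resolve each PID to a process and, where it runs as one, a Windows service.
foreach ($procId in ($listeners.OwningProcess | Sort-Object -Unique)) {
    $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
    $svc  = Get-CimInstance Win32_Service -Filter "ProcessId = $procId"
    [pscustomobject]@{
        Port     = $Port
        PID      = $procId
        Process  = $proc.ProcessName
        Path     = $proc.Path
        Services = ($svc.Name -join ', ')
    }
}

# 3. Re-test after each configuration change to confirm TLS 1.0 is refused.
foreach ($p in 'Tls', 'Tls11', 'Tls12') {
    $accepted = Test-TlsVersion -Server $TargetHost -Port $Port -Protocol $p
    '{0,-6} accepted: {1}' -f $p, $accepted
}
```

A `False` for TLS 1.0 is only meaningful when the probing machine's own Schannel client settings still allow TLS 1.0; with it disabled on the client side, the handshake fails regardless of what the server accepts.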