
Disable TLS1.0 and TLS1.1 - Not really a bug, more like an enhancement. #253

rkoosaar opened this issue Feb 21, 2024 · 3 comments


rkoosaar commented Feb 21, 2024

For Postfix:
Disable VRFY and/or EXPN on your mail server.

edit /etc/postfix/main.cf and add
'disable_vrfy_command=yes' in 'main.cf'.

Disable TLS1.0 and TLS1.1

edit /etc/postfix/main.cf and add

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

For ospd-openvas (web interface?):
https://forum.greenbone.net/t/disable-tls-1-0-1-1-on-ospd-openvas/10945 <- last post on this link.
On the single docker images, /usr/lib/python3/dist-packages/ospd/server.py seems to be missing.
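As an added check (example code, not from the issue or the project), a small Python linter that reads a Postfix main.cf and reports which of the four protocol parameters listed above still admit SSLv2/SSLv3 or TLS 1.0/1.1; the sample configs and the parser are constructed here and cover only the common syntax forms.

```python
import re
# The four Postfix parameters set in the post above; an unset one (empty value)
# lets Postfix negotiate every protocol the TLS library supports.
TLS_PARAMS = ("smtpd_tls_protocols", "smtpd_tls_mandatory_protocols",
              "smtp_tls_protocols", "smtp_tls_mandatory_protocols")
ORDER = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
DEPRECATED = set(ORDER[:4])

def parse_main_cf(text):
    """'key = value' lines, '#' comments, whitespace-led continuation lines."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and key:            # continuation of previous value
            params[key] += " " + line.strip()
        elif m := re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)", line):
            key, params[key] = m.group(1), m.group(2).strip()
    return params

def allowed_protocols(value):
    """Protocols a *_tls_protocols value permits: '!NAME' excludes, bare
    'NAME' includes, '>=NAME' is the Postfix 3.6+ floor (simplified rules)."""
    tokens = [t for t in re.split(r"[\s,]+", value) if t]
    includes = [t for t in tokens if t[0] not in "!>"]
    allowed = set(includes) if includes else set(ORDER)
    for t in tokens:
        if t.startswith("!"):
            allowed.discard(t[1:])
        elif t.startswith(">="):
            allowed -= set(ORDER[:ORDER.index(t[2:])])
    return allowed

def audit(text):
    """{parameter: deprecated protocols still allowed}; {} means hardened."""
    findings, params = {}, parse_main_cf(text)
    for p in TLS_PARAMS:
        bad = allowed_protocols(params.get(p, "")) & DEPRECATED
        if bad:
            findings[p] = sorted(bad, key=ORDER.index)
    return findings

# Constructed samples: the first mirrors the post, the second left two
# parameters at their permissive defaults.
HARDENED_CF = """smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3,
    !TLSv1, !TLSv1.1
"""
WEAK_CF = "smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1\nsmtp_tls_mandatory_protocols = >=TLSv1.2\n"
```

Run `audit(open("/etc/postfix/main.cf").read())` after `postfix reload`; the running service can then be confirmed from outside with `openssl s_client -starttls smtp -tls1_1 -connect <host>:25`, which the server should refuse once the change is in place.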


immauss commented Feb 22, 2024

Thanks!
This is a good idea. I will incorporate it into the next build.
I've not really thought about those too much as they are internal to docker, but always a good idea to keep them as secure as possible. Begs the question of why disabling TLS1.0 & 1.1 and making them as secure as possible ( for the ospd-openvas) are not the defaults from GB. :/

And to answer your parenthetical question, 9390 is the port for the API. I think it is a REST API, but it is not a web interface. :)

immauss added the "enhancement" label on Feb 22, 2024

rkoosaar (Author) commented

Thanks. If you scan the box that openvas is running on with openvas and it reports port 9390, then you get "SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection", and I thought that last post described how to turn off TLS1.0 and TLS1.1 for 9390.


immauss commented Feb 22, 2024

You're absolutely right.

Thanks,
Scott
