You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks!
This is a good idea. I will incorporate it into the next build.
I've not really thought about those too much as they are internal to docker, but always a good idea to keep them as secure as possible. Begs the question of why disabling TLS1.0 & 1.1 and making them as secure as possible ( for the ospd-openvas) are not the defaults from GB. :/
And to answer your parenthetical question, 9390 is the port for the API. I think it is a REST API, but it is not a web interface. :)
Thanks if you scan the box that openvas is running with openvas and it reports 9390 port then you get the "SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection" - and I thought that last post described how to turn of the TLS1.0 and TLS1.1 for 9390.
For Postfix.
Disable VRFY and/or EXPN on your Mailserver.
edit /etc/postfix/main.cf and add
'disable_vrfy_command=yes' in 'main.cf'.
Disable TLS1.0 and TLS1.1
edit /etc/postfix/main.cf and add
'disable_vrfy_command=yes' in 'main.cf'.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
For ospd-openvas (web interface?):
https://forum.greenbone.net/t/disable-tls-1-0-1-1-on-ospd-openvas/10945 <- last post on this link.
on the single docker images > /usr/lib/python3/dist-packages/ospd/server.py seems to be missing
The text was updated successfully, but these errors were encountered: