2.3.2 and SSLv3

  • Greetings,

    How can I prevent SSLv3 from being utilized on my pfSense boxes?

    Thanks ahead of time for your assistance.

  • Rebel Alliance Developer Netgate

    It is already disabled in the GUI web server, and has been for some time.

    Or do you mean in some other package?

  • I scanned for vulnerabilities using Qualys and it pointed out an SSLv3 issue.

    Closer look at the report points out the it's ntopng.  I can block public access to that port but not I'm curious as to why the package is allowed to superseded pfSense security.

    If I'm completely missing something or miss configuring something, please correct me.

    Thanks again for your assistance.

  • Rebel Alliance Developer Netgate

    It isn't running using our GUI, it runs its own internal web server on a separate port (and that should really, really not be exposed to be public!)

    The ntopng package would have to be adjusted to disable SSLv3, if it's capable of doing so. That would be a subject for a new thread in the packages board though, not here.

  • I completely agree and understand.  Will be posting a new question on that board

    Thanks again for your assistance.

Log in to reply