First off you’d upgrade the installation of pfSense - what version do you have installed/running? The current version is 2.2.3.
> On Jul 24, 2015, at 3:51 PM, Ted Byers <r.ted.by...@gmail.com> wrote:
>
> I have checked our installation of our website (a classic protected LAN
> with a DMZ formed by two pfsense machines serving as our inner and outer
> firewall, and one machine in the DMZ and the rest behind the inner
> firewall) using a PCI scanner.
>
> The PCI scan identified two vulnerabilities WRT our pfsense machines.
>
> First, the scanner complains that TLS1 is supported and we need to restrict
> it to TLS1.2. We modified the configuration of lighttpd to use TLS1.2, but
> that did not make the complaint go away, so is there anything else that
> uses TLS that we need to reconfigure to use only TLS1.2?
> Second, it appears that ssh-server on pfsense is version 6.6 and it would
> be good if we can upgrade that to 6.9 or better (well, if there is better -
> the scan only complains the version if earlier than 6.9)
>
> If we can fix these two things, a little over half of the complaints from
> the scanner will be resolved. I have spent a couple days using google,
> trying to resolve these, but to no avail (compounded by the fact the signal
> to noise ratio in my searches was abysmal).
>
> Thanks
>
> Ted
>
> --
> R.E.(Ted) Byers, Ph.D.,Ed.D.
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold