If you are forwarding the ports to other machines, it is those machines which need and update, not pfSense. This is the test: get out your ssh client of choice and connect to the port from outside. If you get something that is not pfSense, then upgrading ssh on your firewall isn't going to help.
- Y Sent from a gizmo with a very small keyboard and hyperactive autocorrect. On Jul 24, 2015 6:20 PM, "Ted Byers" <r.ted.by...@gmail.com> wrote: > This is an external scan. We forward ports such as 443 and 22 to specific > Ubuntu machines. But both sshd and apache have been configured to accept > only TLS1.2 > > Port 443 must be open to support the web server in our DMZ, and we need ssh > to connect to each machine for administration purposes. (if there is a > better way, I do not know what it is or how to do it --I am a programmer > tasked with setting this up, so network and system administration is new to > me - I am out of my area of expertise here). > > Thanks > > Ted > > > On Fri, Jul 24, 2015 at 5:25 PM, Steve Yates <st...@teamits.com> wrote: > > > Ted Byers wrote on Fri, Jul 24 2015 at 3:51 pm: > > > > > First, the scanner complains that TLS1 is supported and we need to > > restrict > > > it to TLS1.2. > > > > > Second, it appears that ssh-server on pfsense is version 6.6 > > > > Is this an internal scan or external? Hopefully those aren't > > exposed externally. If internal, can access be limited to certain IPs? > > > > This probably isn't the forum to discuss, but the TLS 1.0 one is > a > > fun one...that will catch Remote Desktop Services, and Vista and below > > don't support TLS 1.1+ period, and Windows 7 with IE10 or earlier don't > > have TLS 1.1+ enabled by default. > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > > > _______________________________________________ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > > > > -- > R.E.(Ted) Byers, Ph.D.,Ed.D. > t...@merchantservicecorp.com > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
