Hi Venkat,
To check TLS Version 1.2
There are a number of ways that you can check the version of TLS running on the ISDS Server using the following tools. You will need the host and port number on which the service is running.
1. sslscan -
sslscan --no-failed <HOST>:PORT_NUMBER
2. openssl -
openssl s_client -connect <HOST>:PORT -tls1_2
3. nmap -
nmap -sV --script ssl-enum-ciphers -p PORT <HOST>
Please check in with me so I can walk you through each, if you have any issues or problems.
In the second part of your question you ask, "What needs to be done to upgrade?" Do you know what version you are currently running? I assume the PEN tester would have advised what version of TLS you are running or not?
To upgrade/Enable TLS Version 1.2
Add this information to the ldif file; if you don't have it, then create an ldif file with the following content (i.e. enable_SDS_TLS_1.2.ldif):
dn: cn=SSL, cn=Configuration
changetype: modify
add: ibm-slapdSecurityProtocol
ibm-slapdSecurityProtocol: TLS12
To execute the ldif file, use the following command:
idsldapmodify -h <host> -p <port> -D <user> -w ? -f enable_SDS_TLS_1.2.ldif
Hope this helps.
Enjoy!
------------------------------
Taiyyib Azam
X-Force Security Consultant
IBM
Warwickshire
07827 902 605
------------------------------
Original Message:
Sent: Tue February 01, 2022 01:59 PM
From: Venkat V
Subject: How to resolve TLS Version 1.0 Protocol Detection vulnerability on ISDS Server?
We have got a vulnerability on the IBM Security directory server version 6.4.0.0.
Can someone advise how to check the protocol version on the ISDS Server? Also what needs to be done to upgrade the version to TLSv1.2?
------------------------------
Thanks,
Venkat
------------------------------
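Added example, not part of the original thread: a small checker for the output of the nmap ssl-enum-ciphers command quoted in the reply, which lists the protocol versions the server offered and fails while anything older than TLSv1.2 is still listed, since a "TLS Version 1.0 Protocol Detection" finding clears only when TLSv1.0 is no longer accepted. The function names, port 636 and both sample outputs are constructed for illustration and are not real scan results.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the output of
#   nmap -sV --script ssl-enum-ciphers -p PORT <HOST>
# read on stdin. Sample outputs below are constructed, not real scans.

# Print each protocol version nmap listed (e.g. TLSv1.0), one per line.
list_protocols() {
    sed -nE 's/^\|[ _]+((SSL|TLS)v[0-9.]+):[[:space:]]*$/\1/p'
}

# Return 0 only when TLSv1.2 or later is offered and nothing older is.
audit_tls() {
    legacy="" modern=""
    for p in $(list_protocols); do
        case "$p" in
            TLSv1.2|TLSv1.3) modern="$modern $p" ;;
            *)               legacy="$legacy $p" ;;
        esac
    done
    if [ -n "$legacy" ]; then
        echo "FAIL: legacy protocols still offered:$legacy"; return 1
    fi
    if [ -z "$modern" ]; then
        echo "FAIL: no TLSv1.2 or later found in the scan output"; return 1
    fi
    echo "PASS: only$modern offered"
}

# Constructed sample: TLS 1.2 enabled but TLS 1.0 still accepted.
SAMPLE_MIXED='636/tcp open  ldapssl
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|_  least strength: A'

# Constructed sample: only TLS 1.2 accepted.
SAMPLE_TLS12_ONLY='636/tcp open  ldapssl
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|_  least strength: A'

printf '%s\n' "$SAMPLE_MIXED" | audit_tls || true
printf '%s\n' "$SAMPLE_TLS12_ONLY" | audit_tls
```

Against a live server, pipe the nmap command's output into `audit_tls` before and after applying the LDIF change and compare the two results.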