1.9 SSL Strong Algorithm - c) pki-profile

Information

There is a security risk to the ssl lower versions of the equipment. The device can be configured to support higher versions and algorithms only to reduce the connection risk of the ROSNG series products.

Solution

1. SSL must bound PKI profile, the bounded PKI profile needs to import a legal and valid CA certificate
2. TLS(SSL) version is recommended to be greater than TLS v1.2, at least not less than TLS v1.1.
3. TLS algorithm does not contain insecure algorithms, which include: CBC, SHA1, MD5
4. Disable renegotiate

See Also

https://support.zte.com.cn/support/doccenter/DocumentProductHandBookDetail.aspx?sid=102&id=30768582&type=docfeedback

Item Details

Audit Name: Tenable ZTE ROSNG

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: ZTE_ROSNG

Control ID: 821529ec9af39134079992c746bcc22beb29961a10cd7252a0a0b0cc271de0a5