Dr. Zathras Posted Monday at 01:21 PM Posted Monday at 01:21 PM We have a JavaScript-based custom web interface to a FM database running on FileMaker Server v20.1.2.207, macOS 13.7.2. Everything is working well, but our security-mandated Rapid7 scans report the following vulnerabilities: TLS/SSL Server Supports The Use of Static Key Ciphers TLS 1.2 ciphers: TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 HTTP OPTIONS Method Enabled I'm assuming the relevant config file to edit is /Library/FileMaker Server/HTTPServer/conf/extra/httpd-ssl.conf Does anybody know exactly which edits to make that will disable the vulnerable ciphers and HTTP options? Thanks.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now