Mehul Patel · Jan 3

How to disable outdated TLS versions (1.0 and 1.1)

I've disabled TLS v1.0 and 1.1 within the HealthShare settings, but I'm still seeing these error messages when running a security scan. We do have Apache being used. What else can I try?

Error messages:

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite. Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1 As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Product version: IRIS 2021.2
$ZV: HealthShare Unified Care Record 2021.2.1 Build: 1000 [HealthShare Modules: Health Insight:22.0 + Core:22.0] - IRIS for UNIX (Red Hat Enterprise Linux for x86-64) 2021.1.2 (Build 336_0_21548U)

Can Nessus tell you what in particular is allowing the use of those SSL ciphers? Are you sure it's HealthShare that's causing the issue? Where in HealthShare did you disable the lower TLS version?
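
Since the question mentions Apache, one place to look is the web server's own TLS settings. The following is an added example, not part of the original thread or of any InterSystems tooling: it resolves each `SSLProtocol` directive in an Apache config the way mod_ssl applies its tokens and reports the lines that still leave SSLv3, TLS 1.0 or TLS 1.1 enabled. The function names, the constructed `SAMPLE_CONF`, and the expansion of `all` to every named protocol are assumptions of this example.

```python
import re

# Assumption: "all" is treated as every protocol mod_ssl can name; the real
# expansion depends on the Apache and OpenSSL build in use.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
BY_LOWER = {p.lower(): p for p in ALL}

def resolve(args):
    """Apply SSLProtocol tokens left to right: + adds, - removes, bare replaces."""
    enabled = set()
    for tok in args.split():
        action = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        chosen = set(ALL) if name == "all" else {BY_LOWER[name]} if name in BY_LOWER else set()
        if action == "+":
            enabled |= chosen
        elif action == "-":
            enabled -= chosen
        else:  # a bare token overrides everything set so far on the line
            enabled = chosen
    return enabled

def audit(conf_text):
    """Return (line_number, directive, legacy protocols still on) per finding."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+)", line, re.IGNORECASE)
        if m:  # commented-out directives start with '#' and do not match
            legacy = sorted(resolve(m.group(1)) & LEGACY)
            if legacy:
                findings.append((n, line.strip(), legacy))
    return findings

# Constructed sample config: the global setting is strict, one vhost overrides it.
SAMPLE_CONF = """\
# constructed sample
SSLProtocol -all +TLSv1.2 +TLSv1.3
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1
</VirtualHost>
<VirtualHost *:8443>
    # SSLProtocol all
    SSLProtocol TLSv1.2
</VirtualHost>
"""

if __name__ == "__main__":
    for n, directive, legacy in audit(SAMPLE_CONF):
        print(f"line {n}: {directive!r} still enables {', '.join(legacy)}")
```

Run it over every file the server includes, because a per-virtual-host `SSLProtocol` overrides the global one for that listener.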