Hello,
The Nessus scanner detect TLS1.1 on Vcenter 6.7 - - Build number 15976714 any idea how to disable the TLS1.1 and allow only TLS1.2 on specific port 5432?
Currently all other ports use only TLS1.2
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1 As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors. PCI DSS v3.2 still allows TLS 1.1 as of June 30, 2018, but strongly recommends the use of TLS 1.2. A proposal is currently before the IETF to fully deprecate TLS 1.1 and many vendors have already proactively done this.Output from most recent scan
TLSv1.1 is enabled and the server supports at least one cipher.Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.