ScreenOS Firewalls (NOT SRX)
Contributor
delldude
Posts: 23
Registered: ‎10-19-2010

Can SSL V2 Be Disabled On SSG5 Netscreen OS?

I'm failing PCI compliance scan because of SSL V2.  Is there any way to restrict SSL to V3 only?

New User
Beavonator
Posts: 3
Registered: ‎04-24-2012

Re: Can SSL V2 Be Disabled On SSG5 Netscreen OS?

I'm on the phone with Juniper support now talking about this same issue. Our company is also failing PCI compliance due to Juniper's lack of being able to shut off SSL V2. Currently Juniper support rep Szgsaini is telling me in the current Screen OS we are still unable to turn off SSL V2. I'm showing them this post so they know this has been out there a while. They also just admitted to me they have received lots of requests to be able to disable SSL V2 on the web interface but the option is not yet available. To me this is completely unacceptable and I surely hope this post will push Juniper to release a fix for this issue.

Support tells me this will be fixed in software version 6.4

http://kb.juniper.net/InfoCenter/index?page=content&id=KB13925&actp=LIST&smlogin=true

Recognized Expert
Sahota
Posts: 484
Registered: ‎03-15-2012

Re: Can SSL V2 Be Disabled On SSG5 Netscreen OS?

Hi,

This has been pending for a while now.

A workaround that I have seen in the past (for the compliance) is to disable SSL completely.

Regards.

Hardeep

New User
Beavonator
Posts: 3
Registered: ‎04-24-2012

Re: Can SSL V2 Be Disabled On SSG5 Netscreen OS?

Another workaround is to move port 443 to an obscure port. That should get us by until Juniper fixes the issue.

Thanks

Beav
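
Added example, not part of any post in this thread and not Juniper code: a check an administrator can run against their own management interface to see whether it still answers an SSLv2 CLIENT-HELLO, which is the condition the PCI scan in this thread flags. The host and port passed to `probe` are the reader's own, the message layouts follow the SSL 2.0 specification, and the reply under `__main__` is constructed rather than captured.

```python
import os
import socket
import struct

# SSLv2 cipher kinds (3 bytes each) offered in the CLIENT-HELLO.
SSL2_CIPHERS = [bytes.fromhex(h) for h in (
    "010080", "020080", "030080", "040080", "050080", "060040", "0700c0")]

def build_client_hello(challenge):
    """SSLv2 CLIENT-HELLO: 2-byte record header, then type 1, version 0x0002."""
    specs = b"".join(SSL2_CIPHERS)
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge))
    body += specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_server_hello(data):
    """Return the cipher kinds the server offers if data is an SSLv2
    SERVER-HELLO, or None when the reply is anything else (TLS alert, reset)."""
    if len(data) < 13 or not data[0] & 0x80:
        return None
    mtype, _hit, _ctype, version, cert_len, spec_len, _conn_len = struct.unpack(
        ">BBBHHHH", data[2:13])
    if mtype != 4 or version != 0x0002:
        return None
    specs = data[13 + cert_len:13 + cert_len + spec_len]
    return [specs[i:i + 3].hex() for i in range(0, len(specs) - 2, 3)]

def probe(host, port, timeout=5.0):
    """Send one CLIENT-HELLO to host:port and classify the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(os.urandom(16)))
        try:
            # Read until the full SSLv2 record has arrived or the peer closes.
            while len(data) < 2 or len(data) < 2 + (((data[0] & 0x7F) << 8) | data[1]):
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # timeout or reset: treat as "no SSLv2 answer"
    return parse_server_hello(data)

if __name__ == "__main__":
    # Constructed reply, not captured from a device: 3-byte dummy certificate,
    # two cipher kinds, 16-byte connection id.
    payload = struct.pack(">BBBHHHH", 4, 0, 1, 2, 3, 6, 16)
    payload += b"CRT" + bytes.fromhex("0100800700c0") + bytes(16)
    print(parse_server_hello(struct.pack(">H", 0x8000 | len(payload)) + payload))
```

`probe` returns a list of cipher kinds when the listener completes the SSLv2 hello and `None` when it does not, so it can be rerun on whichever port the web interface is listening on after a configuration change.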

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.