Administrators may fail PCI compliance scans because the TLS 1.0 protocol is still enabled on the Kerio VPN port 4090. This version of TLS is affected by multiple cryptographic flaws. This article covers the steps to properly disable TLS 1.0.
- Establish an SSH connection to the Kerio Control box.
- cd /var/winroute to change to the directory
- /var/winroute/ to modify the file
- Scroll and look for a variable like this:
- You might find several entries with <table name="SSL">; edit all the entries.
Once all the changes have been completed and saved, restart the Control box and reattempt the scan.
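
Before re-running the PCI scan, you can check from a workstation whether port 4090 still negotiates TLS 1.0. The Python script below is an added example, not part of the original Kerio article: it sends a ClientHello that offers only TLS 1.0 and classifies the first record the server returns, so the result does not depend on which protocols the local OpenSSL build allows. The cipher suite list and the function names are assumptions chosen for illustration.

```python
import os
import socket
import struct
import sys

TLS10 = b"\x03\x01"  # wire version for TLS 1.0
# Constructed list of suites that TLS 1.0 servers commonly accept (an assumption).
CIPHERS = [0x002F, 0x0035, 0x000A, 0x0033, 0x0039, 0xC013, 0xC014]

def build_client_hello(version=TLS10):
    """Build a ClientHello record that offers only the given protocol version."""
    suites = b"".join(struct.pack("!H", c) for c in CIPHERS)
    body = (version + os.urandom(32) + b"\x00"      # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                           # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1 = ClientHello
    return b"\x16" + version + struct.pack("!H", len(handshake)) + handshake

def classify_response(data, version=TLS10):
    """Return 'accepted', 'rejected' or 'inconclusive' from the server's first bytes."""
    if data[:1] == b"\x15":                          # alert record: handshake refused
        return "rejected"
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:  # ServerHello
        return "accepted" if data[9:11] == version else "inconclusive"
    return "inconclusive"                            # closed, timed out, or not TLS

def probe(host, port=4090, timeout=5.0):
    """Offer TLS 1.0 only to host:port and classify the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            while len(data) < 11:                    # enough to read the ServerHello version
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:                              # timeout or reset while waiting
            pass
    return classify_response(data)

if __name__ == "__main__":
    # Pass the address of your own Kerio Control box as the first argument.
    print(probe(sys.argv[1]))
```

A result of `accepted` means the server still completed a TLS 1.0 ServerHello. `rejected` covers any alert, including one sent because none of the offered cipher suites matched, so confirm the final state with the compliance scan.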