There is a security risk to the ssl lower versions of the equipment. The device can be configured to support higher versions and algorithms only to reduce the connection risk of the ROSNG series products. Note: TLS1.1 has been configured NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
1. SSL must bound PKI profile, the bounded PKI profile needs to import a legal and valid CA certificate 2. TLS(SSL) version is recommended to be greater than TLS v1.2, at least not less than TLS v1.1. 3. TLS algorithm does not contain insecure algorithms, which include: CBC, SHA1, MD5 4. Disable renegotiate