You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As per discussion here customers will start asking (in fact, have started asking) for information about the endpoints that are exposed by our products.
We should have a central repository of information about this somewhere that we can keep up to date and refer customers to, when asking questions like these.
Some information that will be interesting here is:
A list of endpoints
Can they be secured with TLS
Record the support TLS versions (per Java version?) and cipher suite
Document how to change the TLS versions and ciphers. Highlight where this is not possible.
If insecure ciphers are available add default configuration to allow list strong ciphers only
Do the same for insecure TLS versions
@dervoeti mentioned CryptoLyzer, a tool that analyzes endpoints and generates reports in a format that is supported by SecObserve, which is quite a nice benefit.
The text was updated successfully, but these errors were encountered:
As per discussion here customers will start asking (in fact, have started asking) for information about the endpoints that are exposed by our products.
We should have a central repository of information about this somewhere that we can keep up to date and refer customers to, when asking questions like these.
Some information that will be interesting here is:
@dervoeti mentioned CryptoLyzer, a tool that analyzes endpoints and generates reports in a format that is supported by SecObserve, which is quite a nice benefit.
The text was updated successfully, but these errors were encountered: