Skip to content

How can we improve the SMA?

← KACE Systems Management Appliance (SMA)

Ability to disable weak TLS Ciphers

KACE currently does not support disabling weak ciphers that are part of TLS 1.2. You can go to this site https://www.ssllabs.com/ssltest/ and enter the DNS name for your appliance and find many weak ciphers in use by KACE. This caused our company to have a medium security risk finding that we can't fix. As a government contractor this can become critical to the point of switching to another product if this can't be resolved. I manage other products that let us easily choose which ciphers we want to enable/disable.

7 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Tom Nugent shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Garrett Michael Hayes commented  ·   ·  Report

    I'll add to this. Maintaining weak ciphers is bad practice, and since we as users do not have OS level access to the appliances, Quest must either turn them off, or give the customer a controlled path to do so.
    Like the original poster, we also operate in an industry subject to security audits, and this is a risk finding for us as well.

KACE Systems Management Appliance (SMA): Security

Categories

Feedback and Knowledge Base

(thinking…)