When running the PCI Scan Security Report, you might get the following medium vulnerability:
Host is Vulnerable to Extended Master Secret TLS Extension (TLS triple handshake)
This article provides the steps on how to address this vulnerability in Kerio Control version 1.0.2j.
Kerio Control is using the OpenSSL Linux library. This vulnerability should be fixed in this commit by OpenSSL, which will be included in version 1.1.1.
Make the disk writable by using the following command:
mount -o remount,rw /
Replace the /etc/ssh/sshd_config file content with the contents of the suggested_sshd_config.txt file (see attachment below).
Execute the following commands:
mount -o remount,ro /
Explanation and Final Considerations
The following are the changes that you will find in the new sshd_config file:
The HostKey /var/ssh/ssh_host_dsa_key line has been commented out.
The following lines have been added to the last part of the sshd_config file:
The issue should be fully fixed after upgrading the OpenSSL library in Kerio Control.
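To confirm the HostKey change described above after replacing the file, the following check lists any HostKey line that still points to a DSA key and is not commented out. It is an added example, not part of the original article or of Kerio Control; the function name check_dsa_hostkey and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report active HostKey lines that
# reference a DSA key. Prints "<line number>:<line>" for each hit and
# returns 1 if any are found, 0 if the file is clean.
check_dsa_hostkey() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # ignore leading whitespace
            if (line == "" || line ~ /^#/) next  # blank or commented out
            kw = line
            sub(/[ \t=].*$/, "", kw)             # keyword ends at whitespace or "="
            # sshd keywords are case-insensitive; "[^A-Za-z]dsa" matches
            # ssh_host_dsa_key but not ssh_host_ecdsa_key.
            if (tolower(kw) == "hostkey" && line ~ /[^A-Za-z]dsa/) {
                printf "%d:%s\n", NR, $0
                found = 1
            }
        }
        END { exit (found + 0) }
    ' "$1"
}

# Constructed sample input (not the article's attachment): the DSA key line
# is commented out, the other host keys stay active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
HostKey /var/ssh/ssh_host_rsa_key
#HostKey /var/ssh/ssh_host_dsa_key
HostKey /var/ssh/ssh_host_ecdsa_key
EOF

if check_dsa_hostkey "$sample"; then
    echo "OK: no active DSA host key"
else
    echo "FAIL: DSA host key still enabled"
fi
rm -f "$sample"
```

On the appliance, run it as check_dsa_hostkey /etc/ssh/sshd_config before remounting the disk read-only.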