cloudfoundry / loggregator-release

Cloud Native Logging

Port vulnerabilities detected

andrew-edgar opened this issue · comments

We have installed CFD 9.5 on our test env, and our scanning is telling us we have vulnerabilities on the log-api VMs, which are listening on port 8081 (loggregator_trafficcontroller) and port 8088 (reverse_log_proxy_gateway). They are affected by this …

affected by:
https://www.tenable.com/plugins/nessus/20007
https://www.tenable.com/plugins/nessus/42873
tenable.com
SSL Version 2 and 3 Protocol Detection
The remote service encrypts traffic using a protocol with known weaknesses. (Nessus Plugin ID 20007)
tenable.com
SSL Medium Strength Cipher Suites Supported (SWEET32)
The remote service supports the use of medium strength SSL ciphers. (Nessus Plugin ID 42873)

We need a way to specify which TLS protocols and ciphers are supported.
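What "specify the protocols and ciphers" looks like on a Go TLS listener (the loggregator components are Go services), together with a check that the policy actually holds: this is an added example, not code from loggregator-release or from anyone in this thread. It assumes a throwaway self-signed RSA certificate and in-process handshakes over net.Pipe instead of a real listener on 8081/8088; the "weak" configuration is constructed to resemble what the two Nessus plugins report (old protocol floor, 3DES suite), not taken from the release, and the client probes stand in for the scanner.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// hardenedTLS pins the floor at TLS 1.2 and allows only forward-secret AEAD
// suites, so neither an SSL 2/3 finding nor a SWEET32 (3DES) finding can apply.
func hardenedTLS(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
	}
}

// weakTLS is a constructed "before" (not the release's real config): an old
// protocol floor plus a 64-bit-block (3DES) suite, the combination a scanner reports.
func weakTLS(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS10,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
		},
	}
}

// mustCert makes a throwaway self-signed RSA cert (RSA so that the ECDHE_RSA
// 3DES suite is refused only because of the suite list, not the key type).
func mustCert() tls.Certificate {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// clientOffering builds a probe client that offers exactly this version range
// and suite list (no suites = Go's defaults). Verification is skipped because
// only the negotiation is under test; never do that in production code.
func clientOffering(lo, hi uint16, suites ...uint16) *tls.Config {
	return &tls.Config{MinVersion: lo, MaxVersion: hi, CipherSuites: suites, InsecureSkipVerify: true}
}

func legacyClient() *tls.Config  { return clientOffering(tls.VersionTLS10, tls.VersionTLS11) }
func sweet32Client() *tls.Config { return clientOffering(tls.VersionTLS12, tls.VersionTLS12, tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA) }
func modernClient() *tls.Config  { return clientOffering(tls.VersionTLS12, 0) }

// probe runs one handshake in-process over net.Pipe and returns the client's
// handshake error; nil means the server accepted what the client offered.
func probe(server, client *tls.Config) error {
	srv := server.Clone()
	srv.SessionTicketsDisabled = true // net.Pipe is unbuffered; a post-handshake ticket write would block
	c1, c2 := net.Pipe()
	defer c1.Close()
	defer c2.Close()
	c1.SetDeadline(time.Now().Add(5 * time.Second))
	c2.SetDeadline(time.Now().Add(5 * time.Second))
	srvDone := make(chan error, 1)
	go func() { srvDone <- tls.Server(c1, srv).Handshake() }()
	err := tls.Client(c2, client).Handshake()
	<-srvDone // wait for the server side; the deadline bounds it if the two sides disagree
	return err
}

func main() {
	cert := mustCert()
	clients := map[string]*tls.Config{"TLS 1.0/1.1 only": legacyClient(), "3DES only": sweet32Client(), "modern": modernClient()}
	for name, srv := range map[string]*tls.Config{"weak": weakTLS(cert), "hardened": hardenedTLS(cert)} {
		for cname, c := range clients {
			fmt.Printf("%-8s server vs %-16s client -> %v\n", name, cname, probe(srv, c))
		}
	}
}
```

Running it prints one line per server/client pair: the hardened listener refuses the TLS 1.0/1.1 probe with a protocol-version alert and the 3DES-only probe with a handshake failure, and still accepts a modern client; the weak listener accepts all three. Go's crypto/tls has no SSLv2/SSLv3 server support at all, so on a Go service a plugin-20007 hit is really about the protocol floor being left at its old default, and the same two knobs (MinVersion, CipherSuites) close both findings. Whether a BOSH release exposes those knobs as job properties is up to the release; the listener code is where they have to end up.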

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/167378631

The labels on this github issue will be updated when the story is started.

@andrew-edgar this was fixed here https://www.pivotaltracker.com/story/show/166420338

A release will be cut soon but it won't be in cf-d 9.5

Can you please make sure this is available in the next cf-d version? We have started our testing for following the next release and need to make sure we have these vulnerabilities closed before we decide which version to deploy.

We will try to get it in as soon as we can, but we don't determine when cf-d bumps loggregator.

Closing this since the fix is in https://github.com/cloudfoundry/loggregator-release/releases/tag/v105.6. Feel free to reopen if there is anything more to be addressed