How to detect TLS v1.1 using Qualys? I cannot find any QIDs or Vulnerability Titles that reflect anything around TLS v1.1 detection.
Any help would be appreciated.
<?xml version="1.0" encoding="UTF-8"?>
<TAG_CRITERIA>
  <DETECTION>
    <QID_LIST>
      <QID>38116</QID>
    </QID_LIST>
    <RESULTS>
      <SEARCH_TYPE>CONTAINING</SEARCH_TYPE>
      <SEARCH_TERM>TLSv1.1 PROTOCOL IS ENABLED</SEARCH_TERM>
    </RESULTS>
  </DETECTION>
  <LAST_SCAN_DATE>
    <SEARCH_TYPE>WITHIN</SEARCH_TYPE>
    <DAYS>120</DAYS>
  </LAST_SCAN_DATE>
</TAG_CRITERIA>
This is to create a TAG if TLS 1.1 is ENABLED. If you need something for ciphers, it is a different QID, but if you need it, let me know and I can help you out.
You have to use QID 38116 (SSL Server Information Retrieval). The results field will list all protocols and associated ciphers. This will tell you if TLSv1.1 is enabled. It's not ideal though as it requires post-processing to identify the status.
You could query for this in the Asset Search to build a TAG. Let me know if you need assistance with this.
Thanks for the feedback.
I just tried searching for assets using QID 38116 and one result it produces is very generic. It talks about ciphers but does not list cipher anywhere in the vulnerability and has no mention of TLS 1.1. Is there any other way to look for TLS v1.1?
Beautiful. Thank you for sharing the xml and I was able to pull the results I wanted and they look accurate. This solves my question so thank you so much.
No problem. You can create a TAG for the other protocols as well, to see, for example, how many support TLS 1.1 but NOT TLS 1.2 if you wanted.
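The post-processing of QID 38116 results discussed in this thread, including the "TLS 1.1 but NOT TLS 1.2" question, can be scripted. The following is an added example, not code from any poster or from Qualys. It assumes each results field carries one "<protocol> PROTOCOL IS ENABLED" or "... IS DISABLED" line per protocol, modelled on the search term in the XML above. The sample records, addresses and function names are constructed for illustration.

```python
import re

# One status line per protocol, e.g. "TLSv1.1 PROTOCOL IS ENABLED" (assumed format).
STATUS_RE = re.compile(r"^\s*((?:SSL|TLS)v[\d.]+)\s+PROTOCOL\s+IS\s+(ENABLED|DISABLED)\b", re.M)

def protocol_status(results):
    """Return {protocol: True if enabled, False if disabled} for one results field."""
    return {m.group(1): m.group(2) == "ENABLED" for m in STATUS_RE.finditer(results)}

def classify(detections):
    """detections: iterable of (host, port, results_text) rows for QID 38116."""
    out = {"tls11_enabled": [], "tls11_without_tls12": [], "unknown": []}
    for host, port, results in detections:
        status = protocol_status(results)
        if "TLSv1.1" not in status:
            # No status line at all: report it rather than assume "disabled".
            out["unknown"].append((host, port))
            continue
        if status["TLSv1.1"]:
            out["tls11_enabled"].append((host, port))
            # A missing TLSv1.2 line is treated as "not enabled" here.
            if not status.get("TLSv1.2", False):
                out["tls11_without_tls12"].append((host, port))
    return out

# Constructed sample rows (documentation addresses, tab-separated cipher lines).
SAMPLE = [
    ("192.0.2.10", 443,
     "SSLv3 PROTOCOL IS DISABLED\nTLSv1 PROTOCOL IS DISABLED\n"
     "TLSv1.1 PROTOCOL IS ENABLED\nTLSv1.1\tCOMPRESSION METHOD\tNone\n"
     "AES128-SHA\tRSA\tRSA\tSHA1\tAES(128)\tMEDIUM\n"
     "TLSv1.2 PROTOCOL IS ENABLED\n"),
    ("192.0.2.11", 443,
     "TLSv1 PROTOCOL IS ENABLED\nTLSv1.1 PROTOCOL IS ENABLED\n"
     "TLSv1.2 PROTOCOL IS DISABLED\n"),
    ("192.0.2.12", 8443,
     "TLSv1.1 PROTOCOL IS DISABLED\nTLSv1.2 PROTOCOL IS ENABLED\n"),
    ("192.0.2.13", 443,
     "CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\n"),
]

if __name__ == "__main__":
    for bucket, rows in classify(SAMPLE).items():
        print(bucket, rows)
```

Rows are keyed by host and port because one asset can expose several TLS services with different protocol settings.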