What Services use SSL? -What have I missed?
All,
We have implemented QualysGuard Enterprise Suite here and two of my servers keep popping up with an SSL vulnerability.
The "Solution" section of the report says "Disable support for anonymous authentication."
The only service running on either machine is AFP. In the "Access" tab of the "Settings" for AFP on both servers, I have unchecked "Enable Guest access" and "Enable administrator to masquerade as any registered user" though I doubt either of those selections have anything to do with SSL...
Since SSL is often used in remote control schemas, I've also set "Remote Login" and "Remote Management" to allow access for only Administrators but again I see no settings specifically for SSL.
Finally, I have set the root certificates for these servers to "Always Trust." (Previously the certificates reported "This root certificate is not trusted")
Can you think of anything I've missed with regards to SSL authentication?
Thanks!
-Brian