Some customers ran a vulnerability scanner on the server hosting the Apex One Edge Relay and found multiple security issues:
- The server's certificate is not trusted.
- The server only accepts RC4 cipher with older protocols.
- The server's certificate chain is incomplete.
- The server supports TLS 1.0 and TLS 1.1.
The use of TLS 1.0 and RC4 is not required by the Trend Micro Apex One Edge Relay server. Trend Micro recommend that customers evaluate their environments and where possible disable both TLS 1.0 and RC4.
For more information on RC4 and TLS 1.0, please refer to the following Microsoft articles: