TLS Discovery Scan Template Settings Optimization

Summary

The default setting for SSL/TLS Service Discovery will be updated to be consistent across all scan policy templates.

Background

Most scan templates other than ones named "Advanced" offer a way to customize some options in each settings category.  For scan templates that allow customizing Discovery settings, the default for SSL/TLS service discovery has been "Known ports" even though the default for every other named mode of Discovery settings has been "All" unless otherwise noted in the scan template's description.  This has led to different SSL/TLS service discovery when a named setting was chosen or when Custom was chosen and the values were left unmodified.

Solution

The default value for SSL/TLS discovery will be made consistent across all scan policies created from templates that don't explicitly define a value for this setting.  The new default for this setting will be "All ports".  The default value for this setting will be affected for templates named "Advanced" as well.  Current scan policies and scans run from those policies will not be affected.

Impact

Customers who are used to creating Nessus scans from templates and who often use the "custom" mode for Discovery settings or customers who use the Advanced templates will want to evaluate whether or not to change the SSL/TLS discovery setting from its new default.  A setting of "None" or "Known ports" may be more desirable to reduce the impact of SSL/TLS service discovery on scan times and/or network load.

Affected Components

• Nessus Scan Templates
• Tenable.io Scan Templates

Target Release Date

4/15/2021

---------------------------------------------------------------------------------------------------

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.