Am 11.11.2013 08:37, schrieb Matthew Mundell: >> is there a way to enforce PFS-ciphers in GSAD >> a wild guess in /etc/sysconfig/gsad doe snot work >> >> GSA_SSL_CIPHERS=TLS_DHE_RSA_AES_256_CBC_SHA1 > > The only way would be to modify the source, I think. GSA does not pass any > cipher argument to MHD_start_daemon
than it should use a PFS cipher hardcoded https://calomel.org/firefox_ssl_validation.html it leaves a bad taste if the security scanner alerting about weak ciphers on scanned machines is classified as weak itself
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
