Hi, On 02.08.2016 17:54, Reindl Harald wrote: > and for IMAP/POP3 over TLS things like "CBC ciphers in TLS < 1.2 are > considered to be vulnerable to the BEAST or Lucky 13 attacks" are > nonsense too because the attack vector just don't exist outside a > webbrowser
just want to let you know that i'm in the mid of overworking the complete SSL topic and to provide a dedicated NVT for checking vulnerabilities like BEAST, Lucky13 and Sweet32 (the latter is also reported as weak ciphers since a few weeks) to only report them for Webservers. Will update / ping you again once this was committed to the Feed. Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
