Hi, On 16.12.2016 07:13, Sai Ravi wrote: > Hi Have got a vulnerability " SSL Certificate Signed Using A Weak > Signature Algorithm" in one of our windows servers. > Tried the below steps > Installed IIS Crypto Removed SHA > Did a server restart. > Vulnerability still remains the same.
please have a look at the text and the reference of this vulnerability: https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ You might notice this is not about the cipher suites accepted by this service but about the signature algorithm which is used to sign your certificates. To mitigate this vulnerability you need to replace your SSL/TLS certificates with new certificates signed with SHA-256, SHA-384, or SHA-512. Side-note: Please avoid sending such mails to [Openvas-discuss] and [Openvas-devel]. Stick on [Openvas-discuss] as the other one is used for OpenVAS development specific discussions. Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
