Hi, Our openvas is showing the following ciphers as a medimum risk:
TLS1_0_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_0_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_0_RSA_WITH_3DES_EDE_CBC_SHA TLS1_1_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_1_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_1_RSA_WITH_3DES_EDE_CBC_SHA TLS1_2_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_2_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA Qualys SSL labs report these ciphers are secure and OK therefore I presume that these are either: 1) Incorrect reported as vulnerable to Beast/Lucky13 Or 2) Being reported as part of “Any cipher considered to be secure for only the next 10 years is considered as medium” Apache is set to use: SSLCipherSuite !ADH:!RC4-SHA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT:ALL Latest patch levels for apache/OpenSSL. Can anyone clarify? Thanks Joe
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
