No – But even as if the system was corrected to run only TLS 1.2 the following ciphers would still be marked as medium risk:
TLS1_2_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_2_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA From: [email protected] [mailto:[email protected]] On Behalf Of Eero Volotinen Sent: 21 December 2016 17:45 To: Madden, Joe <[email protected]> Cc: openvas-discuss <[email protected]> Subject: Re: [Openvas-discuss] OpenVAS Check for SSL Weak Ciphers Is there any reason to support other than TLSv1.2 protocols? Eero 2016-12-20 18:09 GMT+02:00 Madden, Joe <[email protected]<mailto:[email protected]>>: Hi, Our openvas is showing the following ciphers as a medimum risk: TLS1_0_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_0_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_0_RSA_WITH_3DES_EDE_CBC_SHA TLS1_1_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_1_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_1_RSA_WITH_3DES_EDE_CBC_SHA TLS1_2_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_2_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA Qualys SSL labs report these ciphers are secure and OK therefore I presume that these are either: 1) Incorrect reported as vulnerable to Beast/Lucky13 Or 2) Being reported as part of “Any cipher considered to be secure for only the next 10 years is considered as medium” Apache is set to use: SSLCipherSuite !ADH:!RC4-SHA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT:ALL Latest patch levels for apache/OpenSSL. Can anyone clarify? Thanks Joe _______________________________________________ Openvas-discuss mailing list [email protected]<mailto:[email protected]> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
