No – but even if the system was corrected to run only TLS 1.2, the following 
ciphers would still be marked as medium risk:

  TLS1_2_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA


From: eero.t.voloti...@gmail.com [mailto:eero.t.voloti...@gmail.com] On Behalf 
Of Eero Volotinen
Sent: 21 December 2016 17:45
To: Madden, Joe <joe.mad...@mottmac.com>
Cc: openvas-discuss <openvas-discuss@wald.intevation.org>
Subject: Re: [Openvas-discuss] OpenVAS Check for SSL Weak Ciphers

Is there any reason to support other than TLSv1.2 protocols?

Eero

2016-12-20 18:09 GMT+02:00 Madden, Joe <joe.mad...@mottmac.com>:
Hi,

Our OpenVAS is showing the following ciphers as a medium risk:

  TLS1_0_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_0_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_0_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_1_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_1_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_1_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA


Qualys SSL Labs reports these ciphers are secure and OK, therefore I presume that 
these are either:

1) Incorrectly reported as vulnerable to Beast/Lucky13

Or

2) Being reported as part of “Any cipher considered to be secure for only 
the next 10 years is considered as medium”


Apache is set to use:

SSLCipherSuite !ADH:!RC4-SHA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT:ALL


Latest patch levels for apache/OpenSSL.

Can anyone clarify?

Thanks

Joe


_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
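
An added example, not part of the original thread or of OpenVAS: it groups the nine reported finding names by protocol, showing why three remain with only TLS 1.2 enabled, and asks the local OpenSSL which 3DES suites the quoted `SSLCipherSuite` string enables. The `!3DES` variant is an assumption of this example, and Python's OpenSSL build may differ from the one Apache links against, so run the check against the server's own library.

```python
import ssl
from collections import defaultdict

# The nine finding names listed in the thread's OpenVAS report.
FINDINGS = [
    f"TLS1_{minor}_{kx}_WITH_3DES_EDE_CBC_SHA"
    for minor in "012"
    for kx in ("ECDHE_RSA", "DHE_RSA", "RSA")
]

# SSLCipherSuite value quoted in the thread.
THREAD_CIPHER_STRING = "!ADH:!RC4-SHA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT:ALL"
# Assumption (not from the thread): the same string with 3DES excluded up front.
NO_3DES_CIPHER_STRING = "!3DES:" + THREAD_CIPHER_STRING


def findings_by_protocol(findings):
    """Group OpenVAS-style names such as TLS1_2_RSA_WITH_... by protocol."""
    grouped = defaultdict(list)
    for name in findings:
        _, minor, suite = name.split("_", 2)
        grouped[f"TLSv1.{minor}"].append(suite)
    return dict(grouped)


def triple_des_suites(cipher_string):
    """Return the 3DES suites the local OpenSSL enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return sorted(
        c["name"] for c in ctx.get_ciphers() if "Enc=3DES" in c["description"]
    )


if __name__ == "__main__":
    # The same three suites are reported under every protocol version, so
    # restricting the protocol to TLS 1.2 still leaves three findings.
    for proto, suites in findings_by_protocol(FINDINGS).items():
        print(proto, len(suites), "findings")
    # Output depends on the OpenSSL build: newer builds may omit 3DES entirely.
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    print("thread string:", triple_des_suites(THREAD_CIPHER_STRING))
    print("with !3DES   :", triple_des_suites(NO_3DES_CIPHER_STRING))
```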
