Well. Why you are using still 3DES ciphers? TLSv1.2 provides better chipers.. if enabled?
-- Eero 2016-12-22 11:03 GMT+02:00 Madden, Joe <[email protected]>: > No – But even as if the system was corrected to run only TLS 1.2 the > following ciphers would still be marked as medium risk: > > > > TLS1_2_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA > > TLS1_2_DHE_RSA_WITH_3DES_EDE_CBC_SHA > > TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA > > > > > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Eero Volotinen > *Sent:* 21 December 2016 17:45 > *To:* Madden, Joe <[email protected]> > *Cc:* openvas-discuss <[email protected]> > *Subject:* Re: [Openvas-discuss] OpenVAS Check for SSL Weak Ciphers > > > > Is there any reason to support other than TLSv1.2 protocols? > > > > Eero > > > > 2016-12-20 18:09 GMT+02:00 Madden, Joe <[email protected]>: > > Hi, > > > > Our openvas is showing the following ciphers as a medimum risk: > > > > TLS1_0_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA > > TLS1_0_DHE_RSA_WITH_3DES_EDE_CBC_SHA > > TLS1_0_RSA_WITH_3DES_EDE_CBC_SHA > > TLS1_1_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA > > TLS1_1_DHE_RSA_WITH_3DES_EDE_CBC_SHA > > TLS1_1_RSA_WITH_3DES_EDE_CBC_SHA > > TLS1_2_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA > > TLS1_2_DHE_RSA_WITH_3DES_EDE_CBC_SHA > > TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA > > > > > > Qualys SSL labs report these ciphers are secure and OK therefore I presume > that these are either: > > > > 1) Incorrect reported as vulnerable to Beast/Lucky13 > > Or > > 2) Being reported as part of “Any cipher considered to be secure > for only the next 10 years is considered as medium” > > > > > > Apache is set to use: > > > > SSLCipherSuite !ADH:!RC4-SHA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT:ALL > > > > > > Latest patch levels for apache/OpenSSL. > > > > Can anyone clarify? > > > > Thanks > > > > Joe > > > > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
