Hi, Didn't mean to start a discussion about this to be honest. Just wanted to know if these ciphers are indeed vulnerable or it's be raised due to the 10 Year life cycle.
Cheers Joe -----Original Message----- From: Openvas-discuss [mailto:[email protected]] On Behalf Of Reindl Harald Sent: 22 December 2016 14:22 To: [email protected] Subject: Re: [Openvas-discuss] OpenVAS Check for SSL Weak Ciphers Am 22.12.2016 um 13:38 schrieb Eero Volotinen: > Well, TLSv1.2 is nowdays supported very well: > > https://en.wikipedia.org/wiki/Template:TLS/SSL_support_history_of_web_ > browsers > > It even works on IE. again: in your small world in the real world there are even clients which are not operated by humans some are written in java, probably run a oldr java version and then you have even to take care that your DHE params are not too big since those clients don't support ECDHE some are runnng on really old hardware it' pure stupidity to call out a server with SSLHonorCipherOrder and compatibility ciphers at the end of SSLCipherSuite since no recent client has a point falling back at those ciphers the support in clients for old and unsecure things has to be removed instead the ongoing piss-contest against server admins which try to support old client software instead enforce them to use no exncraption at all > 2016-12-22 13:36 GMT+02:00 Reindl Harald <[email protected] > <mailto:[email protected]>>: > > > > Am 21.12.2016 um 18:45 schrieb Eero Volotinen: > > Is there any reason to support other than TLSv1.2 protocols? > > > in your small world probably not > > in the real world where you ar enot in the position to update every > mailclient of every customer or even every operating system and it's > browsers of website visitors it is > > there is no reason that a recent client would fall back to 3DES > other than a major bug in that client which needs to be fixed there > and not on the server side > > 2016-12-20 18:09 GMT+02:00 Madden, Joe <[email protected] > <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>>: > > Hi,____ > > __ __ > > Our openvas is showing the following ciphers as a medimum > risk:____ > > __ __ > > TLS1_0_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA____ > > TLS1_0_DHE_RSA_WITH_3DES_EDE_CBC_SHA____ > > TLS1_0_RSA_WITH_3DES_EDE_CBC_SHA____ > > TLS1_1_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA____ > > TLS1_1_DHE_RSA_WITH_3DES_EDE_CBC_SHA____ > > TLS1_1_RSA_WITH_3DES_EDE_CBC_SHA____ > > TLS1_2_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA____ > > TLS1_2_DHE_RSA_WITH_3DES_EDE_CBC_SHA____ > > TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA____ _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
