Microsoft
Software
Hardware
Network
Question : SSL Weak Cipher Suites Supported
I used the Nessus Scanning Tool to scan my Solaris 10 server and got one of following medium vulnerabilities:
==========================
==========
==========
==========
==========
========
SSL Weak Cipher Suites Supported
Synopsis :
The remote service supports the use of weak SSL ciphers.
Description :
The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.
See also :
http://www.openssl.org/doc
s/apps/cip
hers.html
Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/
I:N/A:N)
Plugin output :
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Nessus ID : 26928
==========================
==========
==========
==========
==========
====
I really don't know which application on my server is configured with SSL weak cipher. Or is itjust that the "openssl" command has the option to use weak cipher?
# openssl ciphers -v | grep 'DES(40)'
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
#
Answer : SSL Weak Cipher Suites Supported
If you use SSL/TLS you have to configure it to avoid 40-56-64bit ciphers (Apache,Sendmail etc)
It is not a security hole, but if you are not careful enough you may expose user's private info to network snooping leased line operators....
Random Solutions
Change crystal reports chart type during runtime
javascript nested classes
My Cisco ASA5505 licensing needs
How to write my deep copy constroctur?
DATABASE ROW UPDATE
Microsoft Outlook Emails not reciving
NetApp: Should I Pay $1,900 for Rack and Stack?
Installing all software without internet connection on fresh Windows 7 install
How do I identify user logon / logoff event in a domain
MFC Debugging