Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wang
Collaborator

SSL Medium Strength Cipher Suites Supported

  • What about a list of moderately strong SSL passwords? Can someone help me?

    42873 - SSL Medium Strength Cipher Suites Supported
    Here is the list of medium strength SSL ciphers supported by the remote server :

    Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

    EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
    ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
    DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

    The fields above are :

    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}

6 Replies
Tor-Erik_Ones
Participant

I think yuo have to explain what you are trying to do

0 Kudos
Wang
Collaborator

  • This is the vulnerability scanned by the scanning software?

    I would like to ask what is the reason and what is the solution?

0 Kudos
Wang
Collaborator

  • I am looking forward to your reply. Thank you very much!

0 Kudos
Timothy_Hall
Champion
Champion

See these SKs:

sk120774: Vulnerability scan shows that there are weak ciphers related to TLS 1.2

sk82900: Security Audit indicates Firewall vulnerable to Weak Ciphers

sk123351: Vulnerability scan shows port 18194 has weak certificate ciphers (3DES)

sk100647: Check Point response to common false positives scanning results

--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
66790fe4-98ef-4
Explorer

I wish people would take a little more time in their answers to specific questions. Just pointing everyone to KB articles is equivalent to one tick above zero effort. I can search and find KB articles, read them and as long as they are well written understand them. But if that were the case, there would be no need for these BB sites would there? If one takes the time to answer these queries, the least they can do is to summarize the articles, otherwise all your help is merely rudimentary skills, and I cannot see how people would give a thumbs up to these replies, unless of course the learner is too lazy to look this up themselves.

0 Kudos
Raman_Arora
Contributor

@Timothy_Hall Do CP have any published sk on Qualys scan - QID - 38142 - SSL Server Allows Anonymous Authentication Vulnerability?


"CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE
TLSv1 SUPPORTS CIPHERS WITH NO AUTHENTICATION
ADH-AES128-SHA DH None SHA1 AES(128) MEDIUM
ADH-AES256-SHA DH None SHA1 AES(256) HIGH
TLSv1.1 SUPPORTS CIPHERS WITH NO AUTHENTICATION
ADH-AES128-SHA DH None SHA1 AES(128) MEDIUM
ADH-AES256-SHA DH None SHA1 AES(256) HIGH
TLSv1.2 SUPPORTS CIPHERS WITH NO AUTHENTICATION
ADH-AES128-SHA DH None SHA1 AES(128) MEDIUM
ADH-AES256-SHA DH None SHA1 AES(256) HIGH"

 

0 Kudos