Forum Discussion

Nimbostratus

Dec 08, 2017

SSL Server Allows Anonymous Authentication Vulnerability

Good morning, Kindly note security scan from Qualys returned the following vulnarability "SSL Server Allows Anonymous Authentication Vulnerability" while I'm using an SSL client profile with non...

Employee

Dec 14, 2017

That result from Qualys is pointing to the fact that you have anonymous cipher suites enabled, and with cipher string you're using, that is due to ADH being enabled.

You can disable it by appending ':!ADH' to your existing cipher string and I'd go one step further to also disable other weaker ones like RC4, DE & 3DES. Therefore, the following cipher string disables all those weaker ones:

  TLSv1_2:!ADH:!DES:!3DES:!RC4

Please let me know if you have any questions.

Forum Discussion

SSL Server Allows Anonymous Authentication Vulnerability

Recent Discussions

Issues with F5 appliance black holeing traffic

SSL cert bundle - how to extract the intermediate?

F5 LTM with cisco ACI applied multi-site

what's the difference between gateway_icmp and icmp in the BIG-IP monitors?

Virtual server makes distribution. how can I see the forwarding traff in detail

Related Content

Anonymous DDOS Tools 2016

Dealing with DDoS threats by KillNet, Anonymous Sudan and REvil

Coordinated Vulnerability Disclosure: A Balanced Approach

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL