Forum Discussion
The remote service supports the use of weak/medium strength SSL ciphers - Plugin ID (26928/42873)
Hi There
We are running a Nessus scan against BIG-IP LTM devices and getting the following alerts:
The remote service supports the use of medium strength SSL ciphers - Plugin ID (26928)
The remote service supports the use of weak SSL ciphers. - Plugin ID (42873)
Description:
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits. Note: This is considerably easier to exploit if the attacker is on the same physical network.
Solution:
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Basically these alerts only indicate the admin IP, so we assume these alerts relate to the admin interface, where low/medium-strength ciphers need to be disabled.
This was our initial cipher strength:
HTTPD - SSLCipherSuite: ALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
In the configuration, we have disabled low ciphers, i.e.
HTTPD -SSLCipherSuite ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW
This disables all ciphers with a key length of less than 128 bits.
http://support.f5.com/kb/en-us/solutions/public/7000/800/sol7815.html
Even after applying the fix, we are still getting these alerts. Can anyone advise what the possible solution/fix is here? Can we treat them as false positives and close the alerts?
Thanks in advance !!
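The cipher strings in the post above are OpenSSL cipher specs, and the practical check is to expand the spec and see which suites fall below the key-length thresholds the quoted Nessus description uses. The following is an added example, not code from the original post or from F5: it parses the line format of `openssl ciphers -v`, buckets each suite by encryption key bits (the "medium" range of at least 56 and below 112 bits is taken from the quoted description; the "weak" and "null" buckets are this example's own labels), and can optionally expand a real spec with the local openssl binary. The sample output embedded in the block is constructed, and the `EFFECTIVE_BITS` mapping of 3DES to 112 bits is this example's choice.

```python
"""Bucket the cipher suites an OpenSSL cipher string enables by key length.

Added example, not from the original post. It parses the output layout of
`openssl ciphers -v` and applies the key-length thresholds quoted from the
Nessus description above for "medium" (at least 56 and below 112 bits). The
"weak" (below 56 bits) and "null" buckets are labels chosen here.
"""
import re
import subprocess

# Constructed sample in the `openssl ciphers -v` layout; not real device output.
SAMPLE_CIPHERS_V = """\
AES256-SHA      SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA    SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
AES128-SHA      SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
SEED-SHA        SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
RC4-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
DES-CBC-SHA     SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5     SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
NULL-SHA        SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
"""

# OpenSSL prints the nominal 168-bit key for 3DES; its effective strength
# against meet-in-the-middle is 112 bits, so this example scores it as 112.
EFFECTIVE_BITS = {"3DES": 112}

# Enc=AES(128), Enc=3DES(168), Enc=None, Enc=CHACHA20/POLY1305(256) ...
_ENC_RE = re.compile(r"\bEnc=([^\s(]+)(?:\((\d+)\))?")


def parse_ciphers_v(text):
    """Return [(suite_name, enc_algorithm, key_bits)] from `openssl ciphers -v` output."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        m = _ENC_RE.search(line)
        if not fields or not m:
            continue  # blank line, or a line without an Enc= field
        alg = m.group(1)
        bits = int(m.group(2)) if m.group(2) else 0  # Enc=None -> 0 bits
        suites.append((fields[0], alg, EFFECTIVE_BITS.get(alg, bits)))
    return suites


def classify(bits):
    """Bucket a key length using the thresholds quoted from the Nessus plugin."""
    if bits == 0:
        return "null"
    if bits < 56:
        return "weak"
    if bits < 112:
        return "medium"
    return "high"


def audit(text):
    """Map bucket -> suite names for a block of `openssl ciphers -v` output."""
    buckets = {"null": [], "weak": [], "medium": [], "high": []}
    for name, _alg, bits in parse_ciphers_v(text):
        buckets[classify(bits)].append(name)
    return buckets


def audit_spec(spec):
    """Expand a cipher string with the local openssl binary and audit the result.

    Returns None when openssl is missing or rejects the spec. The local OpenSSL
    build decides what aliases such as LOW or MEDIUM expand to, which can differ
    from the build on the device being scanned.
    """
    try:
        out = subprocess.run(["openssl", "ciphers", "-v", spec],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return audit(out)


if __name__ == "__main__":
    for bucket, names in audit(SAMPLE_CIPHERS_V).items():
        print(f"{bucket:7} {', '.join(names) or '-'}")
    # The "fixed" spec from the post, expanded by whatever openssl is installed here.
    live = audit_spec("ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW")
    if live is not None:
        print("still enabled below 112 bits:", live["medium"] + live["weak"] + live["null"])
```

The result of `audit_spec` is only as good as the OpenSSL it runs against: the alias expansion (which suites `LOW` or `MEDIUM` cover) is decided by the library, so the authoritative check is to expand the spec with the OpenSSL on the scanned device itself, and to point the scanner at the same address the config applies to.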
- Cory_50405 (Noctilucent)
So if you look in /var/run/config/httpd.conf.d/ssl.conf, what do you see listed after SSLCipherSuite?
- khiali_130513 (Nimbostratus)
Hi Cory,
This is what I get. I can't run that command; it gives me permission denied, even when I tried with the root id:
[admin@Active] ~ /var/run/config/httpd.conf.d/ssl.conf
-bash: /var/run/config/httpd.conf.d/ssl.conf: Permission denied
This is what I can see from the file, but I am not sure if it's useful or not:
[admin@Active] ~ cat /var/run/config/httpd.conf.d/ssl.conf | grep httpd
For more information, see bigpipe httpd help.
directives see SSLMutex file:/var/run/httpd_ssl_mutex is not inherited from httpd.conf.
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
- Cory_50405 (Noctilucent)
Posted this in your other thread too. You got a permission denied error because your syntax was trying to execute it. Your cat should be fine, except grep for HTTPD (all caps). It is case sensitive.
- khiali_130513 (Nimbostratus)
I don't get anything when I use HTTPD:
[admin@Active] ~ cat /var/run/config/httpd.conf.d/ssl.conf | grep HTTPD
Sorry for mixing up the threads.
What are you scanning? A virtual server on the LTM, or the management interface (either via a self IP or the management port)?