khiali_130513
Mar 07, 2014 Nimbostratus
The remote service supports the use of weak/medium strength SSL ciphers - Plugin ID (26928/42873)
Hi there,
We are running a Nessus scan for BIG-IP LTM devices and getting the following alerts:
The remote service supports the use of medium strength SSL ciphers - Plugin ID (26928)
The re...
Cory_50405
Mar 07, 2014 Noctilucent
So if you look in /var/run/config/httpd.conf.d/ssl.conf, what do you see listed after SSLCipherSuite?
- khiali_130513, Mar 10, 2014, Nimbostratus:
  Hi Cory,
  This is what I get. I can't run that command; it gives me permission denied, even when I tried with the root id:

      admin@Active] ~ /var/run/config/httpd.conf.d/ssl.conf
      -bash: /var/run/config/httpd.conf.d/ssl.conf: Permission denied

  This is what I can see from the file, but I am not sure if it's useful or not:

      [admin@Active] ~ cat /var/run/config/httpd.conf.d/ssl.conf | grep httpd
      For more information, see bigpipe httpd help.
      directives see
      SSLMutex file:/var/run/httpd_ssl_mutex
      is not inherited from httpd.conf.
      SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
      SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

- Cory_50405, Mar 10, 2014, Noctilucent:
  Posted this in your other thread too. You got a permission denied error because your syntax was trying to execute it. Your cat should be fine, except grep for HTTPD (all caps). It is case sensitive.

- khiali_130513, Mar 10, 2014, Nimbostratus:
  I don't get anything when I use HTTPD:

      [admin@Active] ~ cat /var/run/config/httpd.conf.d/ssl.conf | grep HTTPD

  Sorry for mixing up the thread.

- Cory_50405, Mar 10, 2014, Noctilucent:
  My apologies, the search string should be 'SSLCipherSuite'. So:

      cat /var/run/config/httpd.conf.d/ssl.conf | grep SSLCipherSuite

- khiali_130513, Mar 10, 2014, Nimbostratus:

      [admin@Active] ~ cat /var/run/config/httpd.conf.d/ssl.conf | grep SSLCipherSuite
      SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
      SSLCipherSuite ALL:!ADH:!EXPORT:!MD5:!DES:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

- Cory_50405, Mar 10, 2014, Noctilucent:
  Open the file with a text editor (vi), change the un-commented line to the following, and rescan:

      SSLCipherSuite DEFAULT:!ADH:!EXPORT40:!EXP:!LOW

- khiali_130513, Mar 18, 2014, Nimbostratus:
  Hi Cory,
  Just want to update this discussion:

      [admin@active] ~ cat /var/run/config/httpd.conf.d/ssl.conf | grep SSLCipherSuite
      SSLCipherSuite ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW
      SSLCipherSuite ALL:!ADH:!EXPORT:!MD5:!DES:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

  It seems that we have the correct solution in place as per the initial documentation from F5. No need to edit the file via the vi editor. I was looking at one of the F5s from our testing environment where the fix was not applied. So as per the above parameters, even if I am still getting a weak cipher alert from the Nessus scan, can I safely take it as a false positive?

- Cory_50405, Mar 18, 2014, Noctilucent:
  It seems to me like a false positive, but it could be classifying MEDIUM ciphers as weak as well. Can the Nessus scan folks provide you with what ciphers they are seeing being used and classified as 'weak'? Does the result change if you also add in :!MEDIUM to the cipher suite?
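
One way to answer the last question in the thread without waiting for the scan team, as an added example that is not part of the original posts: pull the active SSLCipherSuite value out of the config, then bucket `openssl ciphers -v` output by key length. The function names, the sample data, the position of the `#` in the sample config and the bucket cut-offs are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All sample data is constructed; the '#' placement in
# sample_conf is an assumption (the thread's grep output does not show it).

# Print the cipher string of every active (uncommented) SSLCipherSuite line.
# Reads the named file, or stdin when no file is given.
active_suite() {
    awk '$1 == "SSLCipherSuite" { print $2 }' "$@"
}

# Read `openssl ciphers -v` style lines on stdin; print "<bucket> <name> <bits>".
# Buckets use key length only and the cut-offs are assumptions:
# under 64 bits = weak, 64-111 bits or 3DES = medium, otherwise high.
classify() {
    awk '{
        enc = ""
        for (i = 2; i <= NF; i++) if ($i ~ /^Enc=/) enc = substr($i, 5)
        if (enc == "") next
        p = index(enc, "(")
        alg  = (p > 0) ? substr(enc, 1, p - 1) : enc
        bits = (p > 0) ? substr(enc, p + 1) + 0 : 0
        if (alg == "3DES")    bucket = "medium"
        else if (bits < 64)   bucket = "weak"
        else if (bits < 112)  bucket = "medium"
        else                  bucket = "high"
        print bucket, $1, bits
    }'
}

sample_conf() {
    cat <<'EOF'
SSLCipherSuite ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW
# SSLCipherSuite ALL:!ADH:!EXPORT:!MD5:!DES:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
EOF
}

# Constructed lines in the format printed by `openssl ciphers -v`.
sample_ciphers() {
    cat <<'EOF'
AES256-SHA    SSLv3 Kx=RSA Au=RSA Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA  SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA       SSLv3 Kx=RSA Au=RSA Enc=RC4(128)  Mac=SHA1
DES-CBC-SHA   SSLv3 Kx=RSA Au=RSA Enc=DES(56)   Mac=SHA1
EOF
}

echo "active: $(sample_conf | active_suite)"
sample_ciphers | classify
# On a host: openssl ciphers -v "$(active_suite /path/to/ssl.conf)" | classify
```

Anything reported as weak or medium is a candidate for what the scanner is flagging; compare the cut-offs with the wording of the plugin output before treating a finding as a false positive.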