The remote service supports the use of weak/medium strength SSL ciphers - Plugin ID (26928/42873)
Hi There
We are running a Nessus scan against BIG-IP LTM devices and getting the following alerts:
The remote service supports the use of medium strength SSL ciphers - Plugin ID (26928)
The remote service supports the use of weak SSL ciphers - Plugin ID (42873)
Description:
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits. Note: This is considerably easier to exploit if the attacker is on the same physical network.
Solution:
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Basically, these alerts only indicate the admin IP, so we assume they are related to the admin interface, where low/medium-strength ciphers need to be disabled.
This was our initial cipher string:
HTTPD - SSLCipherSuite: ALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
In the configuration, we have disabled low ciphers, i.e.
HTTPD -SSLCipherSuite ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW
This disables all ciphers with key lengths of less than 128 bits.
http://support.f5.com/kb/en-us/solutions/public/7000/800/sol7815.html
Even after applying the fix, we are still getting these alerts. Can anyone advise what the possible solution/fix is here? Can we take them as false positives and close the alerts?
Thanks in advance !!
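Added example, not part of the original post and not F5 or Tenable code: a Python script that expands an SSLCipherSuite value with `openssl ciphers -v` and sorts every suite it still enables into the weak / medium / strong bands, using the thresholds quoted in the plugin description above (medium = at least 56 and fewer than 112 bits). When openssl is not installed, or rejects a keyword the local version no longer knows, it audits a constructed sample of `openssl ciphers -v` output instead. Two assumptions are the script's own, not the thread's: 3DES is rated at its 112-bit effective strength rather than the 168 OpenSSL prints, and suites with `Enc=None` get their own "null" band. Running it against the cipher string from the post shows exactly which suites remain, which is the check to make before deciding whether a finding is a false positive.

```python
import re
import subprocess
from typing import Any, Dict, List, Optional

# Constructed sample in the format printed by `openssl ciphers -v`.
# It is NOT output captured from the poster's BIG-IP; it just exercises
# one cipher suite from each strength band.
SAMPLE_OPENSSL_OUTPUT = """\
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
"""

# One line of `openssl ciphers -v`: NAME PROTO Kx=.. Au=.. Enc=ALG(bits) Mac=..
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<alg>[^\s(]+)(?:\((?P<bits>\d+)\))?\s+Mac=(?P<mac>\S+)"
)

# Thresholds taken from the plugin description quoted in the post:
# medium strength = at least 56 and fewer than 112 bits.
MEDIUM_MIN_BITS = 56
STRONG_MIN_BITS = 112


def effective_bits(alg: str, nominal: int) -> int:
    """Key strength to compare against the thresholds.

    Assumption of this script: OpenSSL prints 3DES as 168 bits, but its
    effective strength against meet-in-the-middle is 112, so it is rated 112.
    """
    if alg.upper() == "3DES":
        return min(nominal, 112)
    return nominal


def parse_ciphers_v(text: str) -> List[Dict[str, Any]]:
    """Parse `openssl ciphers -v` output into one dict per cipher suite."""
    suites: List[Dict[str, Any]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or a line in another format
        nominal = int(m.group("bits")) if m.group("bits") else 0  # Enc=None -> 0
        suites.append({
            "name": m.group("name"),
            "proto": m.group("proto"),
            "kx": m.group("kx"),
            "au": m.group("au"),
            "alg": m.group("alg"),
            "bits": effective_bits(m.group("alg"), nominal),
            "mac": m.group("mac"),
        })
    return suites


def strength(bits: int) -> str:
    """Map an effective key length to the bands the two plugins report on."""
    if bits == 0:
        return "null"    # no encryption at all (Enc=None)
    if bits < MEDIUM_MIN_BITS:
        return "weak"    # plugin 42873 territory
    if bits < STRONG_MIN_BITS:
        return "medium"  # plugin 26928 territory
    return "strong"


def audit(text: str) -> Dict[str, List[str]]:
    """Group suite names by strength band, preserving OpenSSL's order."""
    report: Dict[str, List[str]] = {"null": [], "weak": [], "medium": [], "strong": []}
    for suite in parse_ciphers_v(text):
        report[strength(suite["bits"])].append(suite["name"])
    return report


def expand_cipher_string(cipher_string: str) -> Optional[str]:
    """Ask the local OpenSSL to expand an SSLCipherSuite value.

    Returns the `openssl ciphers -v` output, or None if openssl is missing
    or rejects the string (for example a keyword this version no longer knows).
    """
    try:
        return subprocess.run(
            ["openssl", "ciphers", "-v", cipher_string],
            check=True, capture_output=True, text=True,
        ).stdout
    except (OSError, subprocess.CalledProcessError):
        return None


if __name__ == "__main__":
    # The corrected cipher string from the post, expanded live when openssl
    # is available; otherwise the constructed sample is audited instead.
    live = expand_cipher_string("ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW")
    for band, names in audit(live or SAMPLE_OPENSSL_OUTPUT).items():
        print(f"{band:>7}: {', '.join(names) or '-'}")
```

Paste the exact SSLCipherSuite value from the httpd configuration into `expand_cipher_string` on a host whose OpenSSL accepts the same keywords; any name that lands in the "weak" or "medium" list is a suite the string still permits, and the scanner's finding cannot be dismissed as a false positive until those lists are empty.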