Forum Discussion

khiali_130513
Mar 07, 2014

The remote service supports the use of weak/medium strength SSL ciphers - Plugin ID (26928/42873)

Hi There

We are running Nessus Scan for BIG-IP LTM devices and getting the following alerts:

The remote service supports the use of medium strength SSL ciphers - Plugin ID (26928)

The remote service supports the use of weak SSL ciphers. - Plugin ID (42873)

Description:

The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits. Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution:

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Basically these alerts only indicate the Admin IP and the alert, so we assume these alerts are related to the admin interface, where low/medium end ciphers need to be disabled.

This was our initial cipher strength:

HTTPD - SSLCipherSuite: ALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

In the configuration, we have disabled low ciphers, i.e.

HTTPD - SSLCipherSuite ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW

This disables all ciphers with a key length less than 128 bits.

http://support.f5.com/kb/en-us/solutions/public/7000/800/sol7815.html

Even after applying the fix, we are getting these alerts. Can anyone advise what the possible solution/fix is here? Can we take them as false positives and close the alerts?

Thanks in advance !!

 
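The plugin description above defines medium strength by key length alone, so the useful check is what a given SSLCipherSuite string actually admits. As an added example (not code from the thread or from F5), this Python script parses `openssl ciphers -v` style output and groups each suite by those thresholds, listing MD5-MAC suites separately since the original cipher string excluded them; the suite lines are constructed sample input, not output from the poster's device, and `EFFECTIVE_BITS` is my own adjustment for 3DES.

```python
import re

# Constructed sample in the layout printed by `openssl ciphers -v <cipher-string>`;
# it is not output from the poster's BIG-IP.
SAMPLE_CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA                  SSLv3   Kx=RSA      Au=RSA Enc=AES(128)    Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA      Au=RSA Enc=3DES(168)   Mac=SHA1
RC4-MD5                     SSLv3   Kx=RSA      Au=RSA Enc=RC4(128)    Mac=MD5
DES-CBC-SHA                 SSLv3   Kx=RSA      Au=RSA Enc=DES(56)     Mac=SHA1
EXP-RC4-MD5                 SSLv3   Kx=RSA(512) Au=RSA Enc=RC4(40)     Mac=MD5  export
NULL-SHA                    SSLv3   Kx=RSA      Au=RSA Enc=None        Mac=SHA1
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)(.*)$")
# The nominal 168 bits overstate 3DES; meet-in-the-middle leaves about 112 effective bits.
EFFECTIVE_BITS = {"3DES": 112}

def parse_ciphers_v(text):
    """Turn `openssl ciphers -v` lines into dicts carrying an effective key length."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name, proto, _kx, _au, enc, mac, rest = m.groups()
        em = re.match(r"(\w+)\((\d+)\)", enc)
        alg, bits = (em.group(1), int(em.group(2))) if em else (enc, 0)  # Enc=None -> 0 bits
        suites.append({"name": name, "proto": proto, "enc": alg, "mac": mac,
                       "bits": EFFECTIVE_BITS.get(alg, bits), "export": "export" in rest})
    return suites

def strength(bits):
    """Thresholds quoted in the plugin text above: medium is >= 56 and < 112 bits."""
    if bits < 56:
        return "weak"
    if bits < 112:
        return "medium"
    return "strong"

def audit(text):
    """Group suite names by strength and list MD5-MAC suites separately."""
    report = {"weak": [], "medium": [], "strong": [], "md5_mac": []}
    for s in parse_ciphers_v(text):
        report[strength(s["bits"])].append(s["name"])
        if s["mac"] == "MD5":
            report["md5_mac"].append(s["name"])
    return report
```

On a host with the same OpenSSL build as the device, `openssl ciphers -v 'ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW'` produces input for `audit()` that shows which suites the revised cipher string still leaves enabled.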

10 Replies

  • So if you look in /var/run/config/httpd.conf.d/ssl.conf, what do you see listed after SSLCipherSuite?


    •
      khiali_130513
      Hi Cory. This is what I get. I can't run that command, it gives me permission denied, even when I tried with the root id:

      admin@Active] ~ /var/run/config/httpd.conf.d/ssl.conf
      -bash: /var/run/config/httpd.conf.d/ssl.conf: Permission denied

      This is what I can see from the file, but I am not sure if it's useful or not:

      [admin@Active] ~ cat /var/run/config/httpd.conf.d/ssl.conf | grep httpd
      For more information, see bigpipe httpd help.
      directives see SSLMutex file:/var/run/httpd_ssl_mutex is not inherited from httpd.conf.
      SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
      SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    •
      Cory_50405
      Posted this in your other thread too. You got a permission denied error because your syntax was trying to execute it. Your cat should be fine, except grep for HTTPD (all caps). It is case sensitive.
    •
      khiali_130513
      I don't get anything when I use HTTPD:

      [admin@Active] ~ cat /var/run/config/httpd.conf.d/ssl.conf | grep HTTPD

      Sorry for mixing up the thread.
  • What are you scanning? A virtual server on the LTM, or the management interface (either via a self IP or the management interface)?