bjdgyc / anylink

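AnyLink is an enterprise-grade SSL VPN for remote work that supports many users online at the same time. It is built on the openconnect protocol, borrows from the design of ocserv, and is fully compatible with the AnyConnect client.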
GNU Affero General Public License v3.0
1.56k stars 375 forks

SSL Medium Strength Cipher Suites Supported (SWEET32) issue in crypto/tls #269

Closed macaty closed 9 months ago

macaty commented 10 months ago

1. Issue: SSL Medium Strength Cipher Suites Supported (SWEET32)

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                          Code             KEX           Auth     Encryption             MAC
----------------------        ----------       ---           ----     ---------------------  ---
DES-CBC3-SHA                  0x00, 0x0A       RSA           RSA      3DES-CBC(168)          SHA1

The fields above are :

{Tenable ciphername} {Cipher ID code} Kex={key exchange} Auth={authentication} Encrypt={symmetric encryption method} MAC={message authentication code} {export flag}

2. Suggestion: disable the weak SWEET32 cipher suites in crypto/tls

macaty commented 10 months ago

[two attached images]

bjdgyc commented 10 months ago

Which version of anylink are you using? It was not reported in my local test.

nmap --script ssl-enum-ciphers -p 443 host
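An added example, not AnyLink's own code: this Go program pins a crypto/tls server configuration to a suite list without 3DES, then checks it locally by handshaking with a client that offers only DES-CBC3-SHA (0x00, 0x0A), which is what the scanner finding and the `ssl-enum-ciphers` check above test for that one suite. The helper names `without3DES`, `accepts3DES` and `probeCert` are illustrative, and the certificate and in-memory connection are constructed for the probe.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Added example; helper names are illustrative, not AnyLink code.
// without3DES copies cfg and pins its TLS <= 1.2 suites to a list with no 3DES.
func without3DES(cfg *tls.Config) *tls.Config {
	out := cfg.Clone()
	out.CipherSuites = nil
	for _, cs := range tls.CipherSuites() {
		if cs.ID != tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA && cs.ID != tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA {
			out.CipherSuites = append(out.CipherSuites, cs.ID)
		}
	}
	return out
}

// accepts3DES does one in-memory handshake offering only DES-CBC3-SHA (0x000A).
func accepts3DES(server *tls.Config) bool {
	c, s := net.Pipe()
	defer c.Close()
	go func() { tls.Server(s, server).Handshake(); s.Close() }()
	return tls.Client(c, &tls.Config{
		InsecureSkipVerify: true, // probe checks negotiation only; cert is a throwaway
		MaxVersion:         tls.VersionTLS12,
		CipherSuites:       []uint16{tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA},
	}).Handshake() == nil
}

// probeCert builds a constructed, self-signed RSA certificate for the probe.
func probeCert() tls.Certificate {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

func main() {
	weak := &tls.Config{Certificates: []tls.Certificate{probeCert()}, CipherSuites: []uint16{tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA}}
	fmt.Println("before:", accepts3DES(weak), "after:", accepts3DES(without3DES(weak)))
}
```

Whether 3DES is enabled when `Config.CipherSuites` is left nil depends on the Go release used for the build, so an explicit list gives the same scan result across toolchains.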