1、问题
SSL Medium Strength Cipher Suites Supported (SWEET32)
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium
strength encryption. Nessus regards medium strength as any encryption
that uses key lengths at least 64 bits and less than 112 bits, or
else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength
encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of
medium strength ciphers.
1、问题 SSL Medium Strength Cipher Suites Supported (SWEET32)
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
https://www.openssl.org/blog/blog/2016/08/24/sweet32/ https://sweet32.info
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
The fields above are :
{Tenable ciphername} {Cipher ID code} Kex={key exchange} Auth={authentication} Encrypt={symmetric encryption method} MAC={message authentication code} {export flag} 2、建议关闭crypto/tls的SWEET32弱套件