Closed konvergence closed 3 weeks ago
Hi @konvergence please take a look at this PR and see if it addresses your issue: https://github.com/mikesplain/openvas-docker/pull/156
This was just merged in and is in the process of being built and deployed.
Hi Mike,
I get well the new restricted ciphers :
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...YES
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA...YES
Testing AES128-GCM-SHA256...YES
But regarding to https://www.ssllabs.com/ssltest/analyze.html, it's steell to weak
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK | 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK | 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK | 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK | 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK | 128
Is it possible to allow the same ciphers with ECDHE or DHE mode ? for example :
ECDHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
ECDHE-RSA-AES256-SHA
DHE-RSA-AES128-GCM-SHA256
sorry I did'nt want to close
Hi Mike,
I tested the supported cipher by openvas, but these ciphers are too weak. Do you plan to allow more secure cipher list ?
Here the current list of acceptable ciphers on openvas :