search

zhmcclient / zhmc-prometheus-exporter

A Prometheus exporter for the IBM Z HMC
Apache License 2.0
11 stars 8 forks source link

Two risky cryptographic algorithms found #508

Open Charles1000Chen opened 2 months ago

Charles1000Chen commented 2 months ago

Describe the bug

The zhmc prometheus expoerter should not support any risky cryptographic algorithms.

Expected behavior The two test items shoud be "OK" in testssh.sh test result.

To Reproduce Test with testssl.sh, it will report the two issues in its test result.

Environment information

Command output

{
    "id"           : "cipher-tls1_2_xc028",
    "severity"     : "LOW",
    "finding"      : "TLSv1.2   xc028   ECDHE-RSA-AES256-SHA384           ECDH 253   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
},{
    "id"           : "cipher-tls1_2_xc027",
    "severity"     : "LOW",
    "finding"      : "TLSv1.2   xc027   ECDHE-RSA-AES128-SHA256           ECDH 253   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
}

Log file <-- If possible, attach a log file generated with '--log-comp all=debug --log exporter.log'. -->

andy-maier commented 1 month ago

Mu Chen, I assume this is on the Prometheus port of the exporter.

Can you please send me via Slack the credential files you used in the prometheus section of the exporter's credentials file?

andy-maier commented 1 month ago

For info, this may be how to set ciphers: https://stackoverflow.com/a/34799338/1424462