-- Check if weak ciphers are installed on the server
The previous post (below this one) ended with the line ... "and the cipher DES-CBC3-MD5 was used to encrypt the connection." So now, if I want to force a connection with a weak cipher, can I do it? If it's supported on the server -- the answer is YES. Nessus throws a lot of "informational findings" at you saying RC4-MD5 is a weak cipher and is supported. You can verify this for each weak cipher Nessus reports by using this command:
openssl s_client -connect 192.168.2.249:443 -(PROTOCOL) -cipher (CIPHERNAME REPORTED BY NESSUS)
For example: openssl s_client -connect 192.168.2.249:443 -ssl2 -cipher RC4-MD5
Repeat this for all ciphers that Nessus reports as weak ciphers. If the handshake completes and the output reports the cipher you asked for, the server really does accept it.
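The repeat-for-each-cipher step as a small script, added here as an example and not part of the original post. The function names and the decision to parse the "New, ..., Cipher is ..." line of the s_client output are this example's own choices; the host, protocol and cipher names in the usage comment are the ones used above.

```shell
#!/bin/sh
# Added example: re-test every cipher a scanner flagged as weak.

# Read `openssl s_client` output on stdin; succeed only if the handshake
# negotiated exactly the cipher we asked for.
negotiated() {
    want=$1
    # Completed handshake: "New, TLSv1/SSLv3, Cipher is RC4-MD5"
    # Refused handshake:   "New, (NONE), Cipher is (NONE)"
    got=$(sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Try one cipher against host:port and print a verdict line.
check_cipher() {
    host=$1 port=$2 proto=$3 cipher=$4
    # If the local openssl build cannot offer the cipher, a failed
    # handshake says nothing about the server, so report it separately.
    if ! openssl ciphers "$cipher" >/dev/null 2>&1; then
        echo "UNTESTED $proto $cipher (local openssl cannot offer it)"
        return 0
    fi
    if openssl s_client -connect "$host:$port" "-$proto" -cipher "$cipher" \
            </dev/null 2>&1 | negotiated "$cipher"; then
        echo "ACCEPTED $proto $cipher"
    else
        echo "refused  $proto $cipher"
    fi
}

# Loop over the cipher names taken from the scanner report.
check_all() {
    host=$1 port=$2 proto=$3
    shift 3
    for c in "$@"; do
        check_cipher "$host" "$port" "$proto" "$c"
    done
}

# Usage: check_all 192.168.2.249 443 ssl2 RC4-MD5 DES-CBC3-MD5

# Constructed sample of a refused handshake, to exercise the parser offline.
printf 'New, (NONE), Cipher is (NONE)\n' | negotiated RC4-MD5 \
    || echo "sample: refused"
```

The protocol flag is checked the same way as the cipher only indirectly: if the local openssl build no longer has the flag (for example -ssl2), s_client exits with an error and the cipher shows as refused, so use a client build that still supports the protocol being tested.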
Friday, October 12, 2007