Re: To disable CBC ciphers

On Wed, Oct 17, 2018 at 7:00 PM murugesh pitchaiah <murugesh.pitchaiah@xxxxxxxxx> wrote:
Hi,

You may list which ciphers are configured: "openssl ciphers"
Choose the CBC ciphers and append them, each with a "!" prefix,
to the current 'ssl_ciphers' list.

> ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH:!AAA_CBC_BBB:

Ref: https://serverfault.com/questions/692119/meaning-of-ssl-ciphers-line-on-nginx-conf

Thanks,
Murugesh P.


On 10/17/18, Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:
> Hi,
>
> I have the below ssl settings in the nginx.conf file, and a VAPT test has
> advised us to disable CBC ciphers
>
> ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>
>
> openssl version on the box is OpenSSL 1.0.2k-fips 26 Jan 2017 on CentOS
> Linux release 7.3.1611 (Core)
>
> I would appreciate it if someone could pitch in to help me understand how to
> disable CBC ciphers
>
> Best Regards
>
> Kaushal
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Thanks Murugesh. I did check openssl ciphers https://www.openssl.org/docs/man1.0.2/apps/ciphers.html and could not see !AAA_CBC_BBB as mentioned in your email.

ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH:!AAA_CBC_BBB:

Correct me if I am understanding it wrong. Basically I want to disable Cipher Block Chaining (CBC) mode cipher encryption. The OpenSSL and OS versions are as below:

openssl version on the box is OpenSSL 1.0.2k-fips 26 Jan 2017 on CentOS
Linux release 7.3.1611 (Core)

Are there any tools which I can run to find out vulnerabilities in the above OpenSSL and OS version? Please guide me; I look forward to hearing from you. Thanks in advance.

Best Regards,

Kaushal
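
The approach suggested in the thread (pick out the CBC suites and append each with a "!" prefix), worked through as an added example that is not part of the original messages. The cipher lines are a constructed sample in `openssl ciphers -v` format, and the function names `sample_ciphers`, `cbc_suites` and `exclusions` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the format printed by `openssl ciphers -v`
# (not captured from the poster's machine; RC4-SHA is there to exercise the stream-cipher branch).
sample_ciphers() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
EOF
}

# Print the names of CBC-mode suites found in `openssl ciphers -v` output on stdin.
# A suite is treated as CBC when it is not AEAD (Mac=AEAD) and its cipher is
# neither a stream cipher (RC4) nor NULL (Enc=None).
cbc_suites() {
  awk '
    {
      enc = ""; mac = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^Enc=/) enc = substr($i, 5)
        if ($i ~ /^Mac=/) mac = substr($i, 5)
      }
      if (enc == "" || mac == "") next          # not a cipher line
      if (mac == "AEAD") next                   # GCM, CCM, ChaCha20-Poly1305
      if (enc ~ /^RC4/ || enc ~ /^None/) next   # stream cipher or NULL
      print $1
    }'
}

# Turn the CBC suite names into "!NAME:!NAME" for appending to ssl_ciphers.
exclusions() {
  cbc_suites | awk '{ printf "%s!%s", (NR > 1 ? ":" : ""), $1 } END { if (NR) print "" }'
}

# Demo on the constructed sample.
sample_ciphers | exclusions
```

On a real host, pipe `openssl ciphers -v 'HIGH:!aNULL:!MD5:!DH+3DES:!kEDH'` into `exclusions` instead of the sample. The suites that survive are the `Mac=AEAD` ones, which OpenSSL lists as TLSv1.2, so TLSv1 and TLSv1.1 clients are left with no HIGH suite to negotiate.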
