
    TLS/SSL Server Supports Weak Cipher Algorithms

    Severity: 6
    CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
    Published: December 31, 1995
    Added: February 11, 2009
    Modified: September 30, 2014

    Description

    The TLS/SSL server supports cipher suites based on weak algorithms. This may enable an attacker to launch man-in-the-middle attacks and monitor or tamper with sensitive data. In general, the following ciphers are considered weak:

    • So-called "null" ciphers, which do not encrypt data.
    • Export ciphers using secret key lengths restricted to 40 bits. This is usually indicated by the word EXP/EXPORT in the name of the cipher suite.
    • Obsolete encryption algorithms with secret key lengths considered short by today's standards, e.g. DES or RC4 with 56-bit keys.
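
One way to check a cipher list against the three categories above (an added example, not part of the original advisory or of Nexpose). The function names, category labels and sample suite names are assumptions made for illustration; matching is done on OpenSSL-style and IANA-style suite names only.

```python
import re
import ssl

def classify(name):
    """Return the weakness categories from the list above that a suite name matches."""
    tokens = re.split(r"[-_]", name.upper())
    reasons = []
    # "Null" ciphers: the encryption slot of the suite name is NULL.
    if "NULL" in tokens:
        reasons.append("null")
    # Export ciphers: EXP / EXPORT (also EXP1024 / EXPORT1024) in the name.
    if any(t.startswith("EXP") for t in tokens):
        reasons.append("export")
    # Short keys: single DES (3DES appears as DES-CBC3 or 3DES and is skipped),
    # or RC4 with an explicit 40- or 56-bit key length in the name.
    single_des = "DES" in tokens and "CBC3" not in tokens
    short_rc4 = "RC4" in tokens and bool({"40", "56"} & set(tokens))
    if single_des or short_rc4:
        reasons.append("short-key")
    return reasons

def audit(names):
    """Map each weak suite name to its categories; strong suites are omitted."""
    findings = {}
    for name in names:
        reasons = classify(name)
        if reasons:
            findings[name] = reasons
    return findings

def audit_context(ctx):
    """Audit the suites enabled on an ssl.SSLContext before it is deployed."""
    return audit(c["name"] for c in ctx.get_ciphers())

# Constructed sample: a cipher list as a scanner or server config might report it.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "NULL-SHA",
    "EXP-RC4-MD5",
    "DES-CBC-SHA",
    "DES-CBC3-SHA",
    "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
]

if __name__ == "__main__":
    for suite, why in audit(SAMPLE).items():
        print(f"{suite}: {', '.join(why)}")
    print(audit_context(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)))
```

RC4 suites without a 40- or 56-bit marker in the name are not flagged here, because the description above only names short-key RC4.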



    Solution

    ssl-disable-weak-ciphers