TLS/SSL Server Supports Weak Cipher Algorithms
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | January 01, 1996 | February 12, 2009 | December 04, 2013 |
The TLS/SSL server supports cipher suites based on weak algorithms. This may enable an attacker to launch man-in-the-middle attacks and monitor or tamper with sensitive data. In general, the following ciphers are considered weak:
- So-called "null" ciphers, which do not encrypt data at all.
- Export ciphers using secret key lengths restricted to 40 bits. This is usually indicated by the word EXP/EXPORT in the name of the cipher suite.
- Obsolete encryption algorithms with secret key lengths considered short by today's standards, e.g. DES or RC4 with 56-bit keys.
Disable SSL support for weak ciphers
Configure the server to disable support for weak ciphers.
For Microsoft IIS web servers, see Microsoft Knowledgebase article 245030 for instructions on disabling weak ciphers.
For Apache web servers with mod_ssl, edit the Apache configuration file and change the SSLCipherSuite line to read:
For other servers, refer to the respective vendor documentation to disable the weak ciphers.
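A defender-side check that classifies offered cipher suite names against the three categories listed above, and that expands an OpenSSL cipher string (such as an SSLCipherSuite value) with the local OpenSSL build to see which weak suites it would actually enable. This is an added example, not part of the Rapid7 advisory; the sample suite list is constructed.

```python
import re
import ssl
from typing import Dict, Iterable, Optional

# Name patterns for the weak-suite classes the advisory lists. They cover both
# OpenSSL names ("EXP-RC4-MD5", "DES-CBC-SHA") and IANA names
# ("TLS_RSA_EXPORT_WITH_RC4_40_MD5", "TLS_RSA_WITH_DES_CBC_SHA").
# Triple DES ("DES-CBC3", "3DES_EDE") is deliberately not matched, because the
# advisory only names single DES; tighten this if your policy differs.
_WEAK_PATTERNS = (
    (re.compile(r"(^|[_-])NULL([_-]|$)"), "null cipher: no encryption"),
    (re.compile(r"(^|[_-])(EXP|EXPORT)\d*([_-]|$)"), "export cipher: key restricted to 40 or 56 bits"),
    (re.compile(r"(^|[_-])DES[_-]CBC([_-]|$)"), "single DES: 56-bit key"),
    (re.compile(r"(^|[_-])RC4([_-]|$)"), "RC4: obsolete stream cipher"),
)


def weakness_of(suite_name: str) -> Optional[str]:
    """Return why a suite is weak under the advisory's rules, or None if it is not flagged."""
    name = suite_name.upper()
    for pattern, reason in _WEAK_PATTERNS:
        if pattern.search(name):
            return reason
    return None


def audit_suites(suite_names: Iterable[str]) -> Dict[str, str]:
    """Map each flagged suite in the list to the reason it was flagged."""
    findings = {}
    for name in suite_names:
        reason = weakness_of(name)
        if reason:
            findings[name] = reason
    return findings


def audit_openssl_cipher_string(cipher_string: str) -> Dict[str, str]:
    """Expand an OpenSSL cipher string with the local OpenSSL build and audit the
    suites it would enable. Raises ssl.SSLError if nothing matches the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return audit_suites(c["name"] for c in ctx.get_ciphers())


if __name__ == "__main__":
    # Constructed sample of suite names a scanner might report for one server.
    offered = ["TLS_RSA_WITH_NULL_SHA", "EXP-RC4-MD5", "DES-CBC-SHA", "RC4-SHA",
               "DES-CBC3-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]
    for suite, reason in audit_suites(offered).items():
        print(f"WEAK  {suite}: {reason}")
    print("weak suites enabled by DEFAULT:", audit_openssl_cipher_string("DEFAULT"))
```

The result of `audit_openssl_cipher_string` depends on which algorithms the local OpenSSL build includes, so it reports what this host would offer, not what a remote server offers.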