2016-12-21 12:48 AM
A security scan, run on the server where SCagent is running, found this vulnerability:
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key)
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
Where and how can I disable SSL medium strength ciphers? Is it on the server where Snap Creator is running?
2016-12-22 05:22 AM
There is no provision to disable medium strength SSL ciphers in the Snap Creator 4.3 release, but Snap Creator 4.3.1 has disabled the usage of these ciphers (like DES & 3DES).
Also, Snap Creator 4.3.1 has disabled the TLSv1 protocol by default. To support backward compatibility, the user can enable it by setting the ENABLE_SECURITY_PROTOCOL_TLS_V1 parameter to Y in the snapcreator.properties and agent.properties files.
The user can upgrade Snap Creator to the 4.3.1 release to avoid this kind of vulnerability.
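To confirm the upgrade took effect, the cipher listing from a repeat scan can be checked for DES and 3DES suites. The Python below is an added example, not part of the original thread or of Snap Creator; its function names are hypothetical and the AES line in the sample is constructed. It also shows why filtering on the bit count in parentheses is not enough: the report lists the 3DES suites as 168 bits yet rates them medium strength.

```python
import re

# Constructed sample: the three suites from the scan report in the question,
# plus one AES-GCM line in the same format added here for contrast.
SCAN_OUTPUT = """\
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-AES256-GCM-SHA384 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
"""

# name Kx=.. Au=.. Enc=ALG(bits) Mac=..  ; "(bits)" is absent for Enc=None
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^\s(]+)(?:\((?P<bits>\d+)\))?\s+Mac=(?P<mac>\S+)$"
)

DES_FAMILY = {"DES", "3DES"}  # the algorithms the answer says 4.3.1 disables


def parse_suites(report):
    """Return one dict per cipher line; headings and prose are skipped."""
    suites = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            suite = m.groupdict()
            suite["bits"] = int(suite["bits"]) if suite["bits"] else 0
            suites.append(suite)
    return suites


def des_family_suites(report):
    """Names of suites whose bulk cipher is DES or 3DES, whatever bits it lists."""
    return [s["name"] for s in parse_suites(report)
            if s["enc"].split("-")[0].upper() in DES_FAMILY]


def below_112_bits(report):
    """Naive check on the number in parentheses; misses 3DES listed as 168."""
    return [s["name"] for s in parse_suites(report) if s["bits"] < 112]


if __name__ == "__main__":
    print("DES/3DES suites still offered:", des_family_suites(SCAN_OUTPUT))
    print("Flagged by bit count alone:   ", below_112_bits(SCAN_OUTPUT))
```

An empty result from `des_family_suites` on the post-upgrade scan output means none of the reported suites use DES or 3DES.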