Topic: Ciper issue reported by zencart team

[jameswilson]

Ive been sent the following

[insecure_cipher_suites] => Array
        (
            [TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA] => Array
                (
                   

• => uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order

                )

            [TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA] => Array
                (
                   

• => uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order

                )
        )

Can/should I disable 3DES?
I can see there is a way to modify the ciphers with a templete here
https://wiki.koozali.org/SSL_Settings

but dont want to just blindly do this?

James

[Jean-Philippe Pialasse]

default is disabled so you might have enabled it yourself.

[jameswilson]

Hi JP
I dont think I have 'enabled' them but I also note this page

https://www.ssllabs.com/ssltest/analyze.html?d=www.securitywarehouse.co.uk

that reports this

[jameswilson]

Im far from sure but is that related.

[mmccarn]

Scan your host with https://www.ssllabs.com/ssltest and make adjustments until your Overall Rating is "A"

[Jean-Philippe Pialasse]

it is already A. 
the weak cipher are usual with this score and wanted unless you want to reject a lot of legitimate clients. 


from where do you get the first message?