Koozali.org: home of the SME Server

Contribs.org Forums => Koozali SME Server 10.x => Topic started by: jameswilson on May 26, 2024, 01:22:03 AM

Title: Cipher issue reported by zencart team
Post by: jameswilson on May 26, 2024, 01:22:03 AM
I've been sent the following:
Quote
[insecure_cipher_suites] => Array
        (
            [TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA] => Array
                (
                    [0] => uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
                )

            [TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA] => Array
                (
                    [0] => uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
                )
        )

Can/should I disable 3DES?
I can see there is a way to modify the ciphers with a template here:
https://wiki.koozali.org/SSL_Settings

but I don't want to just blindly do this.

James
Title: Re: Cipher issue reported by zencart team
Post by: Jean-Philippe Pialasse on May 26, 2024, 03:18:09 AM
Default is disabled, so you might have enabled it yourself.
Title: Re: Cipher issue reported by zencart team
Post by: jameswilson on May 26, 2024, 01:02:55 PM
Hi JP
I don't think I have 'enabled' them, but I also note this page

https://www.ssllabs.com/ssltest/analyze.html?d=www.securitywarehouse.co.uk

that reports this
Title: Re: Cipher issue reported by zencart team
Post by: jameswilson on May 26, 2024, 01:03:12 PM
I'm far from sure, but is that related?
Title: Re: Cipher issue reported by zencart team
Post by: mmccarn on May 26, 2024, 03:10:38 PM
Scan your host with https://www.ssllabs.com/ssltest and make adjustments until your Overall Rating is "A"
Title: Re: Cipher issue reported by zencart team
Post by: Jean-Philippe Pialasse on May 26, 2024, 03:15:21 PM
It is already A.
The weak ciphers are usual with this score and wanted, unless you want to reject a lot of legitimate clients.

From where do you get the first message?