Sorry for the delay, I wanted to update the status of this issue, as I did
set the ssl_cipher_list in ASSP, I thought it worked for setting the cipher
on SMTP (see below appears not now), but it does not appear to affect the
https: connections on port 55555 and 55553 for the web interface? I don't
know am I missing something else?

My setting: 
SSL_cipher_list:=RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!ADH:!AESGCM:!AES:!DES-CBC3-SHA:!CAMELLIA256-SHA:!CAMELLIA128-SHA:!AES256-SHA
(which works for all other cpanel services)

Tested with beast.pl script on port 55555 and 55553 as well as actually port
465 also and the result is

Protocol: TLS v1
Server Preferred Cipher: AES256-SHA
Vulnerable: YES

Also tested with this as per cpanel guidelines
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv2

And same result, which makes me think the service is grabbing its setting
from somewhere else because on the second one there is not even a mention of
AES256-SHA

Thoughts?

John



Date: Tue, 11 Jun 2013 18:27:24 +0200
From: Thomas Eckardt <thomas.ecka...@thockar.com>
Subject: [Assp-user] Re: how to change the SSL cipher to mitigate
        beast
To: For Users of ASSP <assp-user@lists.sourceforge.net>
Message-ID:
        <tITC.787456feed.OF8C0D33FD.4C9D9322-ONC1257B87.005A1E3A-C1257B87.005A62EE@thockar.com>
Content-Type: text/plain; charset="us-ascii"

set 'SSL_cipher_list' to your needs - notice: this is used for SMTPS and
HTTPS

the 'SSL_honor_cipher_order' flag is still not used in assp

Thomas




From:    "Ethical Host - John MacKenzie" <j...@ethicalhost.ca>
To:      <assp-user@lists.sourceforge.net>, 
Date:    11.06.2013 17:55
Subject: [Assp-user] how to change the SSL cipher to mitigate beast



Well I posted this some time ago with no response so will try the mail list

 

http://minimalcms.sourceforge.net/demo/proxy/apps/phpbb/assp/viewtopic.php?f=7&t=1994&sid=cde5a1fbacd7f67c926a2741e964106a

 

Q: how do I go about adjusting the SSL cipher that assp uses for the web
interface (re here
http://forums.cpanel.net/f185/ssl-beast-workaround-whm-cpanel-306051.html)
on ports 55553 and 55555 to mitigate the BEAST vulnerability
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389?

 

Thanks

John
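
An added example, not part of the thread and not ASSP code: a small check that handshakes with each listener discussed above (55555, 55553, 465) and reports the negotiated protocol and cipher, flagging the CBC-on-TLS-1.0 combination that beast.pl reported as vulnerable. The function names and the default host "localhost" are assumptions made for this example.

```python
import socket
import ssl

# BEAST (CVE-2011-3389) needs a CBC-mode cipher under SSLv3 or TLS 1.0.
BEAST_PROTOCOLS = {"SSLV3", "TLSV1", "TLSV1.0"}
# In SSLv3/TLS 1.0 every suite is a stream cipher (RC4), NULL, or CBC.
# RC4 avoids CBC, which is why it was preferred as a workaround in 2013;
# RC4 itself was later prohibited by RFC 7465.
NON_CBC_MARKERS = ("RC4", "NULL")


def beast_exposed(protocol: str, cipher: str) -> bool:
    """True if the pair is a CBC suite negotiated on SSLv3/TLS 1.0."""
    proto = protocol.replace(" ", "").upper()   # accepts "TLS v1" and "TLSv1"
    if proto not in BEAST_PROTOCOLS:
        return False
    return not any(m in cipher.upper() for m in NON_CBC_MARKERS)


def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Handshake once and report what the server actually negotiated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Assumption: you are auditing your own host, often with a self-signed
    # certificate, so verification is off. Do not reuse this context elsewhere.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            proto, cipher = tls.version(), tls.cipher()[0]
    return {"port": port, "protocol": proto, "cipher": cipher,
            "beast_exposed": beast_exposed(proto, cipher)}


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    # Ports taken from the thread: web interface (55555, 55553) and SMTPS (465).
    for port in (55555, 55553, 465):
        try:
            print(probe(host, port))
        except OSError as exc:   # ssl.SSLError is a subclass of OSError
            # A current OpenSSL client may refuse a TLS 1.0-only server outright.
            print({"port": port, "error": str(exc)})
```

Running it before and after changing SSL_cipher_list shows whether each listener picked up the setting: the reported cipher should change on every port the setting applies to.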

 


