You are right Rohit. I tested our CPVM running the same system vm template, and it exposes the following ciphers:
Testing EXP-EDH-RSA-DES-CBC-SHA...YES Testing EXP-EDH-DSS-DES-CBC-SHA...NO (ssl handshake failure) Testing EXP-ADH-DES-CBC-SHA...NO (ssl handshake failure) Testing EXP-DES-CBC-SHA...YES Testing EXP-RC2-CBC-MD5...NO (ssl handshake failure) Testing EXP-ADH-RC4-MD5...NO (ssl handshake failure) Testing EXP-RC4-MD5...YES For the record I used this tool to test: https://gist.github.com/degan/70e8059507d173751294 I don't know how accurate it is. -- Erik On Wed, Mar 4, 2015 at 12:42 PM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: > Thanks for checking Erik, I think we should also check console proxy as > it serves on HTTP/S as well. > > > On Wednesday 04 March 2015 12:27 PM, Erik Weber wrote: > >> On Wed, Mar 4, 2015 at 2:21 AM, Nux! <n...@li.nux.ro> wrote: >> >> https://freakattack.com/ >>> >>> That time of the month again. Secure your stuff, folks. >>> >>> >>> Tried against the SSVM on a CCP 4.3.2 installation, with updated system >> vm >> template (think it was Beast or shellshock). >> Does not export the mentioned ciphers. >> >> > -- > Regards, > Rohit Yadav > Software Architect, ShapeBlue > M. +91 8826230892 | rohit.ya...@shapeblue.com > Blog: bhaisaab.org | Twitter: @_bhaisaab > PS. If you see any footer below, I did not add it :) > Find out more about ShapeBlue and our range of CloudStack related services > > IaaS Cloud Design & Build<http://shapeblue.com/ > iaas-cloud-design-and-build//> > CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> > CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > CloudStack Software Engineering<http://shapeblue.com/cloudstack-software- > engineering/> > CloudStack Infrastructure Support<http://shapeblue.com/ > cloudstack-infrastructure-support/> > CloudStack Bootcamp Training Courses<http://shapeblue.com/ > cloudstack-training/> > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is a > company incorporated in India and is operated under license from Shape Blue > Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil > and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is > a company registered by The Republic of South Africa and is traded under > license from Shape Blue Ltd. ShapeBlue is a registered trademark. >