On Wed, Oct 17, 2018 at 7:00 PM murugesh pitchaiah <murugesh.pitcha...@gmail.com> wrote:

> Hi,
>
> You may list down what ciphers configured : "openssl ciphers"
> Choose CBC ciphers and add them to the list of 'ssl_ciphers' with "!"
> prefix appended to current ssl_ciphers.
>
> ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH:!AAA_CBC_BBB:
>
> Ref:
> https://serverfault.com/questions/692119/meaning-of-ssl-ciphers-line-on-nginx-conf
>
> Thanks,
> Murugesh P.
>
> On 10/17/18, Kaushal Shriyan <kaushalshri...@gmail.com> wrote:
> > Hi,
> >
> > I have the below ssl settings in nginx.conf file and VAPT test has reported
> > us to disable CBC ciphers
> >
> > ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH;
> > ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> >
> > openssl version on the box is OpenSSL 1.0.2k-fips 26 Jan 2017 on CentOS
> > Linux release 7.3.1611 (Core)
> >
> > I will appreciate if someone can pitch in to help me understand to disable
> > CBC ciphers
> >
> > Best Regards
> >
> > Kaushal
> >
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Thanks Murugesh. I did check openssl ciphers https://www.openssl.org/docs/man1.0.2/apps/ciphers.html and could not see !AAA_CBC_BBB as mentioned in your email.

ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH:!AAA_CBC_BBB:

Correct me if I am understanding it wrong. Basically I want to disable Cipher Block Chaining (CBC) mode cipher encryption. OpenSSL and OS version are as below:

openssl version on the box is OpenSSL 1.0.2k-fips 26 Jan 2017 on CentOS Linux release 7.3.1611 (Core)

Any tools which I can run to find out vulnerabilities in the above openssl and OS version? Please guide and I look forward to hearing from you. Thanks in advance.

Best Regards,
Kaushal
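One way to carry out the suggestion discussed in this thread, as an added example that is not part of any poster's message: read `openssl ciphers -v` output, pick out the suites that pair a block cipher with a separate MAC (CBC mode in TLS), and build the `!NAME` exclusions for `ssl_ciphers`. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find CBC suites in `openssl ciphers -v` output and build
# the "!NAME" exclusions to append to an nginx ssl_ciphers string.

# Constructed sample in the `openssl ciphers -v` column layout
# (name, protocol, Kx=, Au=, Enc=, Mac=); not captured from a real host.
sample_ciphers() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
EOF
}

# Print the name of every suite that is a block cipher with a separate MAC.
cbc_suites() {
  awk '{
    enc = ""; mac = ""
    for (i = 2; i <= NF; i++) {
      if ($i ~ /^Enc=/) enc = substr($i, 5)
      if ($i ~ /^Mac=/) mac = substr($i, 5)
    }
    if (enc == "" || mac == "AEAD") next   # AEAD suites (GCM) are not CBC
    if (enc ~ /^(RC4|None)/) next          # stream or null cipher, not CBC
    print $1
  }'
}

# Join suite names from stdin into "!A:!B:!C".
exclusions() {
  awk '{ printf "%s!%s", (NR > 1 ? ":" : ""), $1 } END { if (NR) print "" }'
}

# Base string taken from the thread; the exclusions are appended to it.
BASE='HIGH:!aNULL:!MD5:!DH+3DES:!kEDH'
echo "CBC suites found:"
sample_ciphers | cbc_suites
echo "ssl_ciphers ${BASE}:$(sample_ciphers | cbc_suites | exclusions);"
```

On a live host, replace `sample_ciphers` with `openssl ciphers -v 'HIGH:!aNULL:!MD5:!DH+3DES:!kEDH'`. TLSv1 and TLSv1.1 define no AEAD suites, so once every CBC suite is excluded only TLSv1.2 clients can still negotiate a cipher.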