RE: McAfee Claims TLS Vulnerability

2012-05-03 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton > Sent: Monday, 30 April, 2012 02:39 > On Sun, Apr 29, 2012 at 5:40 PM, Mike Hoy wrote: > > We use McAfee to scan our website for vulnerabilities. They > claim the > > following: > >> > >> Configure SSL/TLS servers to only use T

Re: McAfee Claims TLS Vulnerability

2012-05-01 Thread Mike Hoy
> > Use a SSL/TLS scanner to verify SSL is not available; and TLS ciphers > are available. How would I verifity that SSL is not available and TLS ciphers are available? > Since you are using a FIPS build, MD5 and lesser > friends should not be available. You can use "#openssl ciphers" shows tha

Re: McAfee Claims TLS Vulnerability

2012-05-01 Thread Ben Laurie
Engineer | Quantum Corporation | Office: > 949.856.7748 | paul.suh...@quantum.com > Preserving the World's Most Important Data. Yours.T > > -Original Message- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ben Laurie > Sent

Re: McAfee Claims TLS Vulnerability

2012-05-01 Thread Ben Laurie
On Mon, Apr 30, 2012 at 12:45 PM, Dr. Stephen Henson wrote: > On Sun, Apr 29, 2012, Mike Hoy wrote: > >> We use McAfee to scan our website for vulnerabilities. They claim the >> following: >> >> > Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. >> > Configure SSL/TLS servers

RE: McAfee Claims TLS Vulnerability

2012-04-30 Thread Paul Suhler
30, 2012 1:32 AM To: openssl-users@openssl.org Subject: Re: McAfee Claims TLS Vulnerability On Sun, Apr 29, 2012 at 10:40 PM, Mike Hoy wrote: > We use McAfee to scan our website for vulnerabilities. They claim the > following: >> >> Configure SSL/TLS servers to only use TLS 1.1

Re: McAfee Claims TLS Vulnerability

2012-04-30 Thread Ben Laurie
On Sun, Apr 29, 2012 at 10:40 PM, Mike Hoy wrote: > We use McAfee to scan our website for vulnerabilities. They claim the > following: >> >> Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. >> Configure SSL/TLS servers to only support cipher suites that do not use >> block ci

Re: McAfee Claims TLS Vulnerability

2012-04-30 Thread Dr. Stephen Henson
On Sun, Apr 29, 2012, Mike Hoy wrote: > We use McAfee to scan our website for vulnerabilities. They claim the > following: > > > Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. > > Configure SSL/TLS servers to only support cipher suites that do not use > > block ciphers. Ap

Re: McAfee Claims TLS Vulnerability

2012-04-29 Thread Jeffrey Walton
On Sun, Apr 29, 2012 at 5:40 PM, Mike Hoy wrote: > We use McAfee to scan our website for vulnerabilities. They claim the > following: >> >> Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. >> Configure SSL/TLS servers to only support cipher suites that do not use >> block cip

McAfee Claims TLS Vulnerability

2012-04-29 Thread Mike Hoy
We use McAfee to scan our website for vulnerabilities. They claim the following: > Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. > Configure SSL/TLS servers to only support cipher suites that do not use > block ciphers. Apply patches if available. I ran #openssl version a