SSL vulnerabilities

Discussion in 'Installation/Configuration' started by Aki Alvz, Aug 29, 2019.

  1. Aki Alvz

    Aki Alvz New Member


    I have ISPConfig 3 installed on Centos 7.

    I have performed a vulnerability analysis and I have found 2 SSL vulnerabilities:

    SSL Medium Strength Cipher Suites Supported (SWEET32)
    SSL RC4 Cipher Suites Supported (Bar Mitzvah)

    I have made the changes attached to the /etc/httpd/conf.d/ssl.conf file:

    SSLProtocol all -SSLv2 -SSLv3 --> SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA --> SSLCipherSuite ALL:!RC4:!MD5:!DES:!3DES
    #SSLHonorCipherOrder on --> SSLHonorCipherOrder on

    Finally, I have restarted the service httpd (service httpd restart), but the problem continues.
    Please, can you help me?

    Thanks in advance.

Share This Page