[Openvas-discuss] SSL Anonymous Cipher Suites Supported

Chandrashekhar B bchandra at secpod.com
Fri Jan 13 11:31:02 CET 2012


Thanks! We’ll look into this. Is there any article/paper that describe the
weaknesses in these ciphers. 

Chandra.


From: sight In [mailto:insight.labs2012 at gmail.com] 
Sent: Friday, January 13, 2012 3:08 PM
To: bchandra at secpod.com
Cc: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] SSL Anonymous Cipher Suites Supported


i spent a times did research cipher problem , also found  miss below anon
cipher in 900234 rule

TLS1_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS1_DH_anon_WITH_RC4_128_MD5
TLS1_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS1_DH_anon_WITH_DES_CBC_SHA
TLS1_DH_anon_WITH_3DES_EDE_CBC_SHA
TLS1_DH_anon_WITH_AES_128_CBC_SHA
TLS1_DH_anon_WITH_AES_256_CBC_SHA
TLS1_DH_anon_WITH_CAMELLIA_128_CBC_SHA
TLS1_DH_anon_WITH_CAMELLIA_256_CBC_SHA
TLS1_DH_anon_WITH_SEED_CBC_SHA
TLS1_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
TLS1_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
TLS1_DH_anon_WITH_AES_128_GCM_SHA256
TLS1_DH_anon_WITH_AES_256_GCM_SHA384


Thanks
2012/1/13 Chandrashekhar B <bchandra at secpod.com>
Anonymous ciphers testing is done in 900234 but, we don’t have Anonymous
only checking. Please submit to openvas-plugins if you are going to author
that.
 
Thanks,
Chandra.
 
From: sight In [mailto:insight.labs2012 at gmail.com] 
Sent: Friday, January 13, 2012 9:48 AM
To: bchandra at secpod.com
Cc: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] SSL Anonymous Cipher Suites Supported
 
thanks  Chandra ,well  i want write a new only alert ssl anon rules like
nessus ID:31705 
 
 
2012/1/13 Chandrashekhar B <bchandra at secpod.com>
900234 - Check SSL Weak Ciphers and Supported Ciphers

Chandra.


From: openvas-discuss-bounces at wald.intevation.org
[mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of sight In
Sent: Friday, January 13, 2012 9:02 AM
To: openvas-discuss at wald.intevation.org
Subject: [Openvas-discuss] SSL Anonymous Cipher Suites Supported

hi folks,

anyone know which rules support ssl anon inspection ?

Thanks
 





More information about the Openvas-discuss mailing list