[Openvas-discuss] OPENVASMD 9390/TCP Weak Ciphers

Reindl Harald h.reindl at thelounge.net
Sun May 25 17:41:12 CEST 2014



On 25.05.2014 12:51, Michael Meyer wrote:
> *** Reindl Harald wrote:
>> On 25.05.2014 12:38, Michael Meyer wrote:
>>> *** Reindl Harald wrote:
>>>
>>>> and pretty sure also can't test modern ciphers
>>>> on target systems using whatever software with OpenSSL
>>>
>>> Pretty sure isn't the same as knowing. You are again wrong
>>
>> how are you doing that if your own library does not support
>> it?
> 
> We just don't use a library for the cipher check. See
> secpod_ssl_ciphers.inc to understand how it works.

the cipher check itself is only one piece

scanning a website offering only PFS and forcing encryption
is just impossible because you can't get any http-connection
to try attacks against the web application behind

i have two internal sites here only allowing DHE/ECDHE because
they are not publicly reachable, which does not mean securing them
internally doesn't matter

