Monday, June 6, 2016

ssl - IBM Domino 8.5.3 and mitigating the BEAST attack on TLS (SSLTest)



Having run https://www.ssllabs.com/ssltest/index.html on a newly built Domino 8.5.3 server, is it possible to configure for https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls



The server initially got a score of "F", but adding SSL_DISABLE_RENEGOTIATE=1 and unchecking the old SSL Ciphers has improved the score to "B".




(I've updated the following to the correct settings as per the blog post below)



To clarify, the following SSL Ciphers are enabled:
- RC4 encryption with 128-bit key and MD5 MAC
- RC4 encryption with 128-bit key and SHA-1 MAC



The following SSL Ciphers are disabled:
- AES encryption with 128-bit key and SHA-1 MAC (Domino 8+ only)
- AES encryption with 256-bit key and SHA-1 MAC (Domino 8+ only)
- DES encryption with 56-bit key and SHA-1 MAC
- Triple DES encryption with 168-bit key and SHA-1 MAC
- RC4 encryption with 40-bit key and MD5 MAC
- No encryption with MD5 MAC
- No encryption with SHA-1 MAC



SSL v2 is not enabled


Answer



Can you check the blog post here and say which ciphers you still have enabled?

