How to solve SWEET32 vulnerability in nginx

asked 2017-06-15 09:46:23 -0500

We have had a security scan which has highlighted a vulnerability on our puppet master server for port 443. This relates to the nginx master.

Has anyone else encountered this and if so how did you resolve it?

Unacceptable ciphers being used are reported as:

TLSv1 ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

Mostly down to the 3DES element.

1 Answer

answered 2017-06-15 10:53:21 -0500

Found it! Config file, on our server at least, at /etc/puppetlabs/nginx/conf.d/proxy.conf. Add an exclusion exclamation mark in front of the offending ciphers on the ssl_ciphers line and remove the TLSv1 protocol in the ssl_protocols line. Restart the pe-nginx service and the problem was resolved.

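A way to check the two edits described in the answer before restarting pe-nginx, as an added example that is not part of the original answer. The function names and the sample directive values are constructed for illustration, and the check is a heuristic over explicit tokens in ssl_ciphers only.

```shell
#!/bin/sh
# Added example: heuristic check of ssl_protocols / ssl_ciphers for the two
# scan findings. Only explicit tokens are inspected; group keywords such as
# HIGH are not expanded, so a rescan remains the definitive test.

# Print the value of directive $1 from config text $2 (first uncommented
# occurrence, with the trailing ';' and any quotes stripped).
directive_value() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*${1}[[:space:]]\{1,\}\([^;]*\);.*/\1/p" |
        head -n 1 | tr -d "'\""
}

# Read an nginx config on stdin and print one finding per line.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_tls_conf() {
    conf=$(cat)
    rc=0
    for proto in $(directive_value ssl_protocols "$conf"); do
        if [ "$proto" = "TLSv1" ]; then
            echo "ssl_protocols: TLSv1 is enabled"
            rc=1
        fi
    done
    ciphers=$(directive_value ssl_ciphers "$conf")
    case ":$ciphers:" in
        *':!3DES:'*) return "$rc" ;;    # '!3DES' removes every 3DES suite
    esac
    for tok in $(printf '%s' "$ciphers" | tr ':' ' '); do
        case "$tok" in
            '!'*|-*) ;;                  # '!' or '-' prefix: a removal
            3DES|*DES-CBC3*)
                echo "ssl_ciphers: $tok is offered (3DES, SWEET32)"
                rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample input, not the real proxy.conf from the answer.
audit_tls_conf <<'EOF' || echo "findings above: edit the file, then restart pe-nginx"
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!aNULL;
EOF
```

To check the live file, feed it on stdin: `audit_tls_conf < /etc/puppetlabs/nginx/conf.d/proxy.conf`.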

Stats

Asked: 2017-06-15 09:46:23 -0500

Seen: 67 times

Last updated: Jun 15