-
Title
Nessus Scanner identifies certain Cipher Suits as a possible vulnerability -
Description
Nessus Vulnerability Scanner can identify certain SSL Cipher Suites as possible vulnerabilities and how to add to a list of unused Cipher Suites in relation to the Secure Connect Service.
-
Cause
This is due to known vulnerabilities with certain protocols and SLL Cipher Suites used. Due to business safety requirements some Customer might want to add these to a list of unused Cipher Suites.
-
Resolution
Open a text editor with elevated privileges and navigate to
- C:\Program Files\AppRecovery\Core\CoreService\SecureConnect
Open the following file:
- sc_server.properties file
Edit the following entry:
- openSSL.server.cipherList = ALL:!ADH:!LOW:!EXP:!MD5:!3DES:!SEED:!RC4:-SSLv2:+HIGH:+MEDIUM
On this example we have added "AECDH" which is Anonymous Elliptic Curve Diffie Hellman cipher suites but in your case it might be something else.
You will want to edit the above highlighted line of text so it looks like this:
- openSSL.server.cipherList = ALL:!AECDH:!LOW:!EXP:!MD5:!3DES:!SEED:!RC4:-SSLv2:+HIGH:+MEDIUM
We have simply added the !AECDH: in the line.
After this is done, please restart the Secure Connect Service and re run the scan to confirm issue has been resolved.
-
Additional Information
Rapid Recovery Core; Version 6.2.1, 6.2