Secure Sockets Layer (SSL) is a protocol for secure data transmission that uses public/private key encryption. During MDR vulnerability scans, Alert Logic conducts many types of SSL vulnerability checks, including the detection of weak and insecure SSL ciphers accepted by the target host.
Alert Logic detects the following weak SSL ciphers, which will fail PCI requirements, and reports them under the "EID 31861: SSL – Server Supports Weak SSL Ciphers" exposure.
ADH-AES128-GCM-SHA256 | DHE-PSK-AES256-CBC-SHA | EXP-KRB5-DES-CBC-SHA |
ADH-AES128-SHA | DHE-PSK-NULL-SHA | EXP-KRB5-RC2-CBC-MD5 |
ADH-AES128-SHA256 | DHE-PSK-NULL-SHA256 | EXP-KRB5-RC2-CBC-SHA |
ADH-AES256-GCM-SHA384 | DHE-PSK-NULL-SHA384 | EXP-KRB5-RC4-MD5 |
ADH-AES256-SHA | DHE-RSA-AES128-SHA | EXP-KRB5-RC4-SHA |
ADH-AES256-SHA256 | DHE-RSA-AES256-SHA | EXP-RC2-CBC-MD5 |
ADH-CAMELLIA128-SHA | DHE-RSA-CAMELLIA128-SHA | EXP-RC4-MD5 |
ADH-CAMELLIA128-SHA256 | DHE-RSA-CAMELLIA256-SHA | IDEA-CBC-SHA |
ADH-CAMELLIA256-SHA | DHE-RSA-DES-CBC3-SHA | KRB5-DES-CBC-MD5 |
ADH-CAMELLIA256-SHA256 | DHE-RSA-SEED-SHA | KRB5-DES-CBC-SHA |
ADH-DES-CBC-SHA | ECDH-ECDSA-AES128-SHA | KRB5-DES-CBC3-MD5 |
ADH-DES-CBC3-SHA | ECDH-ECDSA-AES256-SHA | KRB5-DES-CBC3-SHA |
ADH-RC4-MD5 | ECDH-ECDSA-DES-CBC3-SHA | KRB5-IDEA-CBC-MD5 |
ADH-SEED-SHA | ECDH-ECDSA-NULL-SHA | KRB5-IDEA-CBC-SHA |
AECDH-AES128-SHA | ECDH-ECDSA-RC4-SHA | KRB5-RC4-MD5 |
AECDH-AES256-SHA | ECDH-RSA-AES128-SHA | KRB5-RC4-SHA |
AECDH-DES-CBC3-SHA | ECDH-RSA-AES256-SHA | NULL-MD5 |
AECDH-NULL-SHA | ECDH-RSA-DES-CBC3-SHA | NULL-SHA |
AECDH-RC4-SHA | ECDH-RSA-NULL-SHA | NULL-SHA256 |
AES128-SHA | ECDH-RSA-RC4-SHA | PSK-3DES-EDE-CBC-SHA |
AES256-SHA | ECDHE-ECDSA-AES128-SHA | PSK-AES128-CBC-SHA |
CAMELLIA128-SHA | ECDHE-ECDSA-AES256-SHA | PSK-AES256-CBC-SHA |
CAMELLIA256-SHA | ECDHE-ECDSA-DES-CBC3-SHA | PSK-NULL-SHA |
DES-CBC-SHA | ECDHE-ECDSA-NULL-SHA | PSK-NULL-SHA256 |
DES-CBC3-SHA | ECDHE-ECDSA-RC4-SHA | PSK-NULL-SHA384 |
DH-DSS-AES128-SHA | ECDHE-PSK-3DES-EDE-CBC-SHA | PSK-RC4-SHA |
DH-DSS-AES256-SHA | ECDHE-PSK-AES128-CBC-SHA | RC4-MD5 |
DH-DSS-CAMELLIA128-SHA | ECDHE-PSK-AES256-CBC-SHA | RC4-SHA |
DH-DSS-CAMELLIA256-SHA | ECDHE-PSK-NULL-SHA | RSA-PSK-3DES-EDE-CBC-SHA |
DH-DSS-DES-CBC-SHA | ECDHE-PSK-NULL-SHA256 | RSA-PSK-AES128-CBC-SHA |
DH-DSS-DES-CBC3-SHA | ECDHE-PSK-NULL-SHA384 | RSA-PSK-AES256-CBC-SHA |
DH-DSS-SEED-SHA | ECDHE-PSK-RC4-SHA | RSA-PSK-NULL-SHA |
DH-RSA-AES128-SHA | ECDHE-RSA-AES128-SHA | RSA-PSK-NULL-SHA256 |
DH-RSA-AES256-SHA | ECDHE-RSA-AES256-SHA | RSA-PSK-NULL-SHA384 |
DH-RSA-CAMELLIA128-SHA | ECDHE-RSA-DES-CBC3-SHA | SEED-SHA |
DH-RSA-CAMELLIA256-SHA | ECDHE-RSA-NULL-SHA | SRP-3DES-EDE-CBC-SHA |
DH-RSA-DES-CBC-SHA | ECDHE-RSA-RC4-SHA | SRP-AES-128-CBC-SHA |
DH-RSA-DES-CBC3-SHA | EDH-DSS-DES-CBC-SHA | SRP-AES-256-CBC-SHA |
DH-RSA-SEED-SHA | EDH-RSA-DES-CBC-SHA | SRP-DSS-3DES-EDE-CBC-SHA |
DHE-DSS-AES128-SHA | EXP-ADH-DES-CBC-SHA | SRP-DSS-AES-128-CBC-SHA |
DHE-DSS-AES256-SHA | EXP-ADH-RC4-MD5 | SRP-DSS-AES-256-CBC-SHA |
DHE-DSS-CAMELLIA128-SHA | EXP-DES-CBC-SHA | SRP-RSA-3DES-EDE-CBC-SHA |
DHE-DSS-CAMELLIA256-SHA | EXP-DH-DSS-DES-CBC-SHA | SRP-RSA-AES-128-CBC-SHA |
DHE-DSS-DES-CBC3-SHA | EXP-DH-RSA-DES-CBC-SHA | SRP-RSA-AES-256-CBC-SHA |
DHE-DSS-SEED-SHA | EXP-EDH-DSS-DES-CBC-SHA | TLS_FALLBACK_SCSV |
DHE-PSK-3DES-EDE-CBC-SHA | EXP-EDH-RSA-DES-CBC-SHA | |
DHE-PSK-AES128-CBC-SHA | EXP-KRB5-DES-CBC-MD5 |
Alert Logic detects the following insecure SSL ciphers, which will not fail PCI requirements, and reports them under the "EID 217808: SSL – Server Supports Insecure SSL Ciphers" exposure.
AES128-CCM | DHE-PSK-AES256-CCM8 | ECDHE-PSK-AES128-CBC-SHA256 |
AES128-CCM8 | DHE-PSK-CAMELLIA128-SHA256 | ECDHE-PSK-AES256-CBC-SHA384 |
AES128-GCM-SHA256 | DHE-PSK-CAMELLIA256-SHA384 | ECDHE-PSK-CAMELLIA128-SHA256 |
AES128-SHA256 | DHE-RSA-AES128-CCM8 | ECDHE-PSK-CAMELLIA256-SHA384 |
AES256-CCM | DHE-RSA-AES128-SHA256 | ECDHE-RSA-AES128-SHA256 |
AES256-CCM8 | DHE-RSA-AES256-CCM8 | ECDHE-RSA-AES256-SHA384 |
AES256-GCM-SHA384 | DHE-RSA-AES256-SHA256 | ECDHE-RSA-CAMELLIA128-SHA256 |
AES256-SHA256 | DHE-RSA-CAMELLIA128-SHA256 | ECDHE-RSA-CAMELLIA256-SHA384 |
CAMELLIA128-SHA256 | DHE-RSA-CAMELLIA256-SHA256 | PSK-AES128-CBC-SHA256 |
CAMELLIA256-SHA256 | ECDH-ECDSA-AES128-GCM-SHA256 | PSK-AES128-CCM |
DH-DSS-AES128-GCM-SHA256 | ECDH-ECDSA-AES128-SHA256 | PSK-AES128-CCM8 |
DH-DSS-AES128-SHA256 | ECDH-ECDSA-AES256-GCM-SHA384 | PSK-AES128-GCM-SHA256 |
DH-DSS-AES256-GCM-SHA384 | ECDH-ECDSA-AES256-SHA384 | PSK-AES256-CBC-SHA384 |
DH-DSS-AES256-SHA256 | ECDH-ECDSA-CAMELLIA128-SHA256 | PSK-AES256-CCM |
DH-DSS-CAMELLIA128-SHA256 | ECDH-ECDSA-CAMELLIA256-SHA384 | PSK-AES256-CCM8 |
DH-RSA-AES128-GCM-SHA256 | ECDH-RSA-AES128-GCM-SHA256 | PSK-AES256-GCM-SHA384 |
DH-RSA-AES128-SHA256 | ECDH-RSA-AES128-SHA256 | PSK-CAMELLIA128-SHA256 |
DH-RSA-AES256-GCM-SHA384 | ECDH-RSA-AES256-GCM-SHA384 | PSK-CAMELLIA256-SHA384 |
DH-RSA-AES256-SHA256 | ECDH-RSA-AES256-SHA384 | PSK-CHACHA20-POLY1305 |
DH-RSA-CAMELLIA128-SHA256 | ECDH-RSA-CAMELLIA128-SHA256 | RSA-PSK-AES128-CBC-SHA256 |
DHE-DSS-AES128-GCM-SHA256 | ECDH-RSA-CAMELLIA256-SHA384 | RSA-PSK-AES128-GCM-SHA256 |
DHE-DSS-AES128-SHA256 | ECDHE-ECDSA-AES128-CCM | RSA-PSK-AES256-CBC-SHA384 |
DHE-DSS-AES256-GCM-SHA384 | ECDHE-ECDSA-AES128-CCM8 | RSA-PSK-AES256-GCM-SHA384 |
DHE-DSS-AES256-SHA256 | ECDHE-ECDSA-AES128-SHA256 | RSA-PSK-CAMELLIA128-SHA256 |
DHE-DSS-CAMELLIA128-SHA256 | ECDHE-ECDSA-AES256-CCM | RSA-PSK-CAMELLIA256-SHA384 |
DHE-DSS-CAMELLIA256-SHA256 | ECDHE-ECDSA-AES256-CCM8 | RSA-PSK-CHACHA20-POLY1305 |
DHE-PSK-AES128-CBC-SHA256 | ECDHE-ECDSA-AES256-SHA384 | TLS_AES_128_CCM_8_SHA256 |
DHE-PSK-AES128-CCM8 | ECDHE-ECDSA-CAMELLIA128-SHA256 | |
DHE-PSK-AES256-CBC-SHA384 | ECDHE-ECDSA-CAMELLIA256-SHA38 |