04-21-2020 03:39 AM
Hi
I am running Minemeld on Ubuntu 16.04
The server is starting to show up in Vulnerability Scans depsite updating Ubuntu.
This is a list of the Vulnerbilties.
| TLS Server Supports TLS version 1.0 |
| TLS Server Supports TLS version 1.1 |
| Diffie-Hellman group smaller than 2048 bits |
| TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) |
| TLS/SSL Server Supports 3DES Cipher Suite |
| TLS/SSL Server Is Using Commonly Used Prime Numbers |
| TLS/SSL Server Supports The Use of Static Key Ciphers |
| TLS/SSL Server is enabling the BEAST attack |
I suspect therefore the Minemeld may rely on some of the above?
Is there anyway i can resolve these vulnerabilities without detrimentally impacting Minemeld?
Regards
Stu
04-21-2020 03:41 AM
Hi @Stuart_Walton ,
all the TLS settings are defined in the nginx config. You can safely change the nginx config to apply your TLS best practices.
Luigi
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
