TLS Vulnerabilities.

Reply
Highlighted
L1 Bithead

TLS Vulnerabilities.

Hi

 

I am running Minemeld on Ubuntu 16.04

 

The server is starting to show up in Vulnerability Scans depsite updating Ubuntu.

 

This is a list of the Vulnerbilties.

 

TLS Server Supports TLS version 1.0
TLS Server Supports TLS version 1.1
Diffie-Hellman group smaller than 2048 bits
TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)
TLS/SSL Server Supports 3DES Cipher Suite
TLS/SSL Server Is Using Commonly Used Prime Numbers
TLS/SSL Server Supports The Use of Static Key Ciphers
TLS/SSL Server is enabling the BEAST attack

 

I suspect therefore the Minemeld may rely on some of the above?

 

Is there anyway i can resolve these vulnerabilities without detrimentally impacting Minemeld?

 

Regards

 

Stu

Highlighted
L7 Applicator

Re: TLS Vulnerabilities.

Hi @Stuart_Walton ,

all the TLS settings are defined in the nginx config. You can safely change the nginx config to apply your TLS best practices.

 

Luigi

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!