Support for security such as Firewalls and securing linux
I am not having an easy time turning off 3DES to fix SWEET32. This is an .ova for a phone system but I am trying to remediate some security vulnerabilities. If I go to /etc/httpd/conf.d/ssl.conf I have SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:!3DES. If I go to httpd.conf I have added the 3DES part to SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:+SHA1 so it looked like SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES:+SHA1, but each time I run nmap or Nessus it comes up with 3DES as a finding. Is there any other place I can shut it off?
Check the output of ss -antpl | grep 443 and make sure the process that is listening on the port is the one you think it is. Check the running process to see what config file it is using and make sure it is the one you think it should be.
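Added example, not part of the original posts: a shell sketch of the check suggested in the reply. It names the process that owns port 443 from `ss -antpl` output and lists active SSLCipherSuite lines that do not explicitly exclude 3DES. The function names, the "otherd" process and the sample files in demo() are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread; the sample data in demo() is constructed.

# Read `ss -antpl` output on stdin and print the name of each process
# holding a LISTEN socket on port 443 (field 4 is local address:port).
listener_on_443() {
    awk '$1 == "LISTEN" && $4 ~ /:443$/ {
        if (match($0, /users:\(\("[^"]+"/)) {
            print substr($0, RSTART + 9, RLENGTH - 10)
        } else {
            print "unknown"   # process info needs enough privilege, usually root
        }
    }' | sort -u
}

# Print "file:line: directive" for every active SSLCipherSuite line in the
# given files whose cipher string has no explicit !3DES token.
suites_without_3des_exclusion() {
    awk '
        $1 ~ /^#/ { next }                        # commented-out directive
        tolower($1) == "sslciphersuite" {
            if ($2 == "TLSv1.3") next             # TLS 1.3 suite list has no 3DES
            spec = $NF; gsub(/"/, "", spec)       # cipher string, quotes removed
            n = split(spec, tok, ":"); found = 0
            for (i = 1; i <= n; i++) if (tok[i] == "!3DES") found = 1
            $1 = $1                               # normalise whitespace in $0
            if (!found) printf "%s:%d: %s\n", FILENAME, FNR, $0
        }' "$@"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed ss output: a different daemon than httpd owns :443.
    printf '%s\n' \
        'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0 128 *:80  *:* users:(("httpd",pid=2101,fd=4))' \
        'LISTEN 0 128 *:443 *:* users:(("otherd",pid=1530,fd=6))' > "$d/ss.txt"
    # Constructed config files reusing the cipher strings quoted in the question.
    printf '%s\n' 'SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:!3DES' \
        > "$d/ssl.conf"
    printf '%s\n' '<VirtualHost *:443>' \
        '  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:+SHA1' '</VirtualHost>' \
        > "$d/vhost.conf"
    echo "process on :443: $(listener_on_443 < "$d/ss.txt")"
    suites_without_3des_exclusion "$d/ssl.conf" "$d/vhost.conf"
    rm -rf "$d"
}
demo
```

On a live host the same functions take `ss -antpl | listener_on_443` and the files under /etc/httpd/conf.d/ as input. A line it reports is only a candidate for review, since whether 3DES is actually offered also depends on the OpenSSL build behind the listening process.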