42873 SSL medium strength cipher suites supported (SWEET32)

Support for security such as Firewalls and securing linux
mania
Posts: 49
Joined: 2020/12/19 05:55:37

42873 SSL medium strength cipher suites supported (SWEET32)

Post by mania » 2021/11/06 11:17:08

Hi,
I have the below vulnerability in CentOS 7.6. How can I get rid of that?
42873 SSL medium strength cipher suites supported (SWEET32)

tunk
Posts: 1206
Joined: 2017/02/22 15:08:17

Re: 42873 SSL medium strength cipher suites supported (SWEET32)

Post by tunk » 2021/11/06 11:59:52

I think the general answer to this is: yum update
CentOS 7.6 has a few years of (serious) accumulated security problems.

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: 42873 SSL medium strength cipher suites supported (SWEET32)

Post by TrevorH » 2021/11/06 16:18:39

Yes, you have far more to worry about from being 3+ years out of date than you do from supporting weak ciphers. And if this is for Apache httpd then it's most likely to need tweaks to /etc/httpd/conf.d/ssl.conf to disable them. But yum update is several hundred times more important.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

mania
Posts: 49
Joined: 2020/12/19 05:55:37

Re: 42873 SSL medium strength cipher suites supported (SWEET32)

Post by mania » 2021/11/08 06:02:18

Hi, unfortunately I don't have internet access. Second, there is no such path (/etc/httpd/conf.d/ssl.conf) on my server; maybe it is due to an nginx installation instead of Apache. Would you please tell me what the weak ciphers are and how I can disable them in nginx and ssh?

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: 42873 SSL medium strength cipher suites supported (SWEET32)

Post by jlehtone » 2021/11/08 06:43:55

Whom do you expect to exploit your vulnerabilities?

mania
Posts: 49
Joined: 2020/12/19 05:55:37

Re: 42873 SSL medium strength cipher suites supported (SWEET32)

Post by mania » 2021/11/08 07:02:11

Someone who can access the server even from other systems that have internet access, or even unsatisfied clerks.

mania
Posts: 49
Joined: 2020/12/19 05:55:37

Re: 42873 SSL medium strength cipher suites supported (SWEET32)

Post by mania » 2021/11/08 07:04:01

Hi, there is no such path (/etc/httpd/conf.d/ssl.conf) on my server; maybe it is due to an nginx installation instead of Apache. Would you please tell me what the weak ciphers are and how I can disable them in nginx and ssh?

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: 42873 SSL medium strength cipher suites supported (SWEET32)

Post by jlehtone » 2021/11/08 08:44:30

mania wrote:
2021/11/08 07:02:11
someone who can access the server even from other systems that have internet access
If it is possible to have a system that is connected to both your server and inet, then why don't you have one to proxy updates into your server? There is no strong excuse not to update a server that can be accessed by non-isolated clients.


The /etc/httpd/conf.d/ssl.conf is provided by package 'mod_ssl' (SSL/TLS module for the Apache HTTP Server). The nginx probably has its own SSL/TLS implementation and configuration.

You can read man sshd_config and whatever documentation nginx has.
