Hi,
UTM latest version. Email: TLS1.2 active.
Ran a scan using Hardenize and the result is:
TLS v1.2
Unknown preference
TLS_RSA_WITH_AES_128_CBC_SHA 128 bits
TLS_RSA_WITH_AES_256_CBC_SHA 256 bits
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits)
TLS_ECDH_anon_WITH_AES_128_CBC_SHA 128 bits
TLS_ECDH_anon_WITH_AES_256_CBC_SHA 256 bits
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 2048 bits)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 2048 bits)
TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits
TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits (DHE 2048 bits)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (DHE 2048 bits)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits (DHE 2048 bits)
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits (DHE 2048 bits)
TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits
TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (DHE 2048 bits)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (DHE 2048 bits)
Where do these 2 come from:
TLS_ECDH_anon_WITH_AES_128_CBC_SHA 128 bits
TLS_ECDH_anon_WITH_AES_256_CBC_SHA 256 bits
This is what I see in the reversproxy.conf:
SSLProtocol -all +TLSv1.2
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
Can I get rid of these anon-suites?
Thanks
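An added example, not part of the original post: a Python check that expands the SSLCipherSuite string quoted above with the local OpenSSL library and lists any anonymous (unauthenticated) suites in the result. It assumes the local OpenSSL build behaves like the one on the appliance; the function names are hypothetical.

```python
import ssl

# Cipher string copied from the SSLCipherSuite line in the post.
CIPHER_STRING = (
    "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:"
    "DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
)


def expand(cipher_string):
    """Return the suites the local OpenSSL selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def anonymous_suites(suites):
    """Names of suites that do not authenticate the server.

    OpenSSL names these AECDH-* / ADH-* and reports auth == "auth-null";
    the IANA names in the scan output contain "_anon_" instead.
    """
    found = []
    for suite in suites:
        name = suite["name"]
        if name.startswith(("AECDH-", "ADH-")) or suite.get("auth") == "auth-null":
            found.append(name)
    return found


if __name__ == "__main__":
    selected = expand(CIPHER_STRING)
    anon = anonymous_suites(selected)
    print(f"{len(selected)} suites selected, {len(anon)} anonymous")
    for name in anon:
        print("  anonymous:", name)
```

If the expansion contains no anonymous suites, the `TLS_ECDH_anon_*` entries in the scan are not produced by this directive, and the configuration of the service that was actually scanned is the place to look.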