
SSL Scan Question

Question asked by gsperanza on Nov 6, 2013
Latest reply on Nov 11, 2013 by Ivan Ristić

First of all, thanks for taking the time to read this.

I have a question about a scan of my site.

It shows me two warnings:

This site is intolerant to newer protocol versions, which might cause connection failures.

This site supports only older protocol versions, but not the most recent and more secure TLS 1.2.

Can you explain this? I also scanned my site with QualysGuard and took its advice about disabling weak ciphers in Tomcat:

Tomcat

sslProtocol="SSLv3"

ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

But it still gives me the SSL/TLS use of weak RC4 cipher.

How can I disable RC4 in Tomcat? I have an Oracle solution (WebLogic).

To take away the warning, should I enable TLS 1.2? How is this possible in Tomcat?

Additionally, SSL Scan tells me that I have 4 certificates, and one of them says this:

Subject: VeriSign / Class 3 Public Primary Certification Authority (In trust store)

SHA1: 742c3192e607e424eb4549542be1bbc53e6174e2

Valid until: Tue Aug 01 23:59:59 UTC 2028 (expires in 14 years and 8 months)

Key: RSA 1024 bits

Issuer: VeriSign / Class 3 Public Primary Certification Authority (Self-signed)

Signature algorithm: MD2withRSA (Weak, but not insecure on a self-signed cert)

Where does SSL Scan take that information from? And what is "In trust store"? Secure Renegotiation says ACTION NEEDED. How do I enable this in Tomcat?

Thanks.
