I am having an issue verifying an issue as a False Positive or not. The vulnerability we are seeing is “SSL Server May Be Forced to Use Weak Encryption Vulnerability”. When I run an SSLScan on the IP and port we are seeing the following:
Supported Server Cipher(s):
Accepted TLSv1 168 bits DES-CBC3-SHA
Preferred Server Cipher(s):
TLSv1 168 bits DES-CBC3-SHA
Since key lengths larger than 128 are considered HIGH I am not sure why this would consider the supported cipher as Weak. Stuck trying to understand this and if anyone could shed some light on it I would appreciate the info.