AnsweredAssumed Answered

SSL Server May Be Forced to Use Weak Encryption Vulnerability

Question asked by Jacob Hackler on Jan 7, 2015
Latest reply on Jan 7, 2015 by argerrit

Hi Community,

 

I am having an issue verifying an issue as a False Positive or not.  The vulnerability we are seeing is “SSL Server May Be Forced to Use Weak Encryption Vulnerability”.  When I run an SSLScan on the IP and port we are seeing the following:

 

Supported Server Cipher(s):

    Accepted  TLSv1  168 bits  DES-CBC3-SHA

 

  Preferred Server Cipher(s):

    TLSv1  168 bits  DES-CBC3-SHA


Since key lengths larger than 128 are considered HIGH I am not sure why this would consider the supported cipher as Weak.  Stuck trying to understand this and if anyone could shed some light on it I would appreciate the info.

 

Thanks,

Outcomes