Clay N. Keller

Only RC4 Ciphers Enabled - Groovy Script

Discussion created by Clay N. Keller on Dec 14, 2015

I needed to find which assets *Only* had RC4 ciphers enabled. Chrome 48 beta already won't work if RC4 is the only cipher enabled on the SSL/TLS server.

 

Since the current QID for RC4 only tells you that RC4 is enabled, it doesn't really help you know if servers may be impacted by the upcoming deprecation of RC4 by most of the major browsers, including Chrome 48.

 

So this groovy scriptlet checks to see if RC4 is enabled in the SSL Server info results and looks to see if any of the other ciphers are not in the results.

I dug through several results to attempt to make sure I built a decent list of "other" ciphers. Seems to work so far.

 

if(asset.getAssetType()!=Asset.AssetType.HOST) return false;

return (asset.resultsForQid(38116L)?.contains("RC4") && !(

          asset.resultsForQid(38116L)?.contains("DES") ||

          asset.resultsForQid(38116L)?.contains("AES") ||

          asset.resultsForQid(38116L)?.contains("AESGCM") ||

          asset.resultsForQid(38116L)?.contains("3DES") ||

          asset.resultsForQid(38116L)?.contains("ECDH") ||

          asset.resultsForQid(38116L)?.contains("GCM")));

Outcomes