Wednesday, April 24, 2024

H3C firewall SSL weak cipher

Nessus vulnerability scan report about H3C firewall SSL weak cipher 

Go to "Objects" -> "SSL" -> "SSL Server Policies"

You will found that even you select "TLS 1.2" and Cipher suites "High level":

SSL_RSA_with_AES_128_CBC_SHA

SSL_RSA_with_AES_256_CBC_SHA


You still false in the security scanning report and it will show weak cipher.

Solution:

Use the following 4 Cipher:

 

https://www.tenable.com/plugins/nessus/156899 


After change the cipher under firewall GUI, then SSH to the firewall

 

> system-view

 

] undo ip https enable

 

] ip https enable

 

] save force

 

] exit

 

>

 

Print Friendly and PDF
Share/Bookmark
Posted by Billy Fung at 9:06 PM
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)