Hi Community,
After a VA scan, several insecure cipher suites were found on the server, and we would like to know if we can follow the recommended fix provided.
Please find the VA scan result below.
Negotiated with the following insecure cipher suites:
- TLS 1.2 ciphers:
  - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  - TLS_RSA_WITH_AES_128_CBC_SHA
  - TLS_RSA_WITH_AES_256_CBC_SHA
And the recommended fix provided:
Disable any weak HMAC algorithms within the TLS configuration
The following recommended configuration provides a higher level of security. This configuration is compatible with Firefox 27, Chrome 31, Edge 12, IE 11, Opera 20 and Safari 9. SSLv2, SSLv3, TLSv1 and TLSv1.1 protocols are not recommended in this configuration. Instead use TLSv1.2 protocol.
Refer to your server vendor documentation to apply the recommended cipher configuration:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!SHA1:!DSS
Any help will be greatly appreciated.
Thanks and regards,
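
One way to check the recommended cipher string against the scan findings before applying it, as an added example that is not part of the original post. It assumes a Python build linked against OpenSSL; the function names are hypothetical, and the IANA-to-OpenSSL name mapping for the four flagged suites is supplied here, not taken from the scan report.

```python
import ssl

# Cipher string from the scanner's recommended fix (copied from the post).
RECOMMENDED = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!SHA1:!DSS"
)

# The four suites the scan flagged: IANA name -> OpenSSL name.
FLAGGED = {
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": "ECDHE-RSA-AES128-SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": "ECDHE-RSA-AES256-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
}


def enabled_tls12_suites(cipher_string):
    """Expand an OpenSSL cipher string with the local OpenSSL library."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately in OpenSSL, so skip them here.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def flagged_still_enabled(cipher_string):
    """Return the IANA names of flagged suites the string would still allow."""
    enabled = set(enabled_tls12_suites(cipher_string))
    return sorted(iana for iana, ossl in FLAGGED.items() if ossl in enabled)


def non_aead_suites(cipher_string):
    """Return enabled suites that are not AES-GCM or ChaCha20-Poly1305."""
    return [
        name for name in enabled_tls12_suites(cipher_string)
        if "GCM" not in name and "CHACHA20" not in name
    ]


if __name__ == "__main__":
    print("Enabled TLS 1.2 suites:", enabled_tls12_suites(RECOMMENDED))
    print("Flagged suites still enabled:", flagged_still_enabled(RECOMMENDED))
    print("Non-AEAD suites still enabled:", non_aead_suites(RECOMMENDED))
```

This only shows how the local OpenSSL library expands the string; the server still needs a rescan after the change, since the setting that takes this string differs per product.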