[openssl-users] To disable CBC ciphers
kaushalshriyan at gmail.com
Sat Oct 20 13:59:29 UTC 2018
On Wed, Oct 17, 2018 at 7:00 PM murugesh pitchaiah <
murugesh.pitchaiah at gmail.com> wrote:
> You may list down what ciphers configured : "openssl ciphers"
> Choose CBC ciphers and add them to the list of 'ssl_ciphers' with "!"
> prefix appended to current ssl_ciphers.
> > ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH:!AAA_CBC_BBB:
> Murugesh P.
> On 10/17/18, Kaushal Shriyan <kaushalshriyan at gmail.com> wrote:
> > Hi,
> > I have the below ssl settings in nginx.conf file and VAPT test has
> > us to disable CBC ciphers
> > ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH;
> >> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> > openssl version on the box is OpenSSL 1.0.2k-fips 26 Jan 2017 on CentOS
> > Linux release 7.3.1611 (Core)
> > I will appreciate if someone can pitch in to help me understand to
> > CBC ciphers
> > Best Regards
> > Kaushal
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Thanks Murugesh. I did checked openssl ciphers
https://www.openssl.org/docs/man1.0.2/apps/ciphers.html and could not see
!AAA_CBC_BBB as mentioned in your email.
Correct me if i am understanding it wrong. Basically i want to disable
Cipher Block Chaining (CBC) mode cipher encryption. Openssl and OS version
are as below :-
openssl version on the box is OpenSSL 1.0.2k-fips 26 Jan 2017 on CentOS
> Linux release 7.3.1611 (Core)
Any tools which i can run to find out vulnerabilities in the above openssl
and OS version? Please guide and i look forward to hearing from you. Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users