Unsolved
This post is more than 5 years old
1 Message
0
81744
May 15th, 2009 13:00
Weak Ciphers accepted in Dell Openmange Server Administrator
Does anyone know how I can disable weak SSL ciphers for the OMSA web site? I can't seem to find anywhere in it's installation directory that specifies that. I have this issue on both Windows/Linux. Here's part of the output from my Nessus Scans. I would like to mitigate this vulnerability if possible.
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv2
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
SSLv3
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
ejhonda
8 Posts
0
November 23rd, 2009 12:00
Same situation here. It's disappointing to see Dell hasn't stepped up and taken ownership of this issue.
KeithInSac
2 Posts
0
August 13th, 2010 08:00
You're answer is posted here. http://en.community.dell.com/support-forums/servers/f/177/t/18523153.aspx
KeithInSac
2 Posts
0
August 13th, 2010 08:00
Your answer is posted here. http://en.community.dell.com/support-forums/servers/f/177/t/18523153.aspx
Nick.Garofalo
6 Posts
0
February 3rd, 2011 13:00
Is the link expired? Something error occurs when opening the link.